
Export-ExchangeCertificate

 

Applies to: Exchange Server 2016

This cmdlet is available only in on-premises Exchange Server 2016.

Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer. You can export a certificate with its private key or a certificate request file.

Export-ExchangeCertificate -Thumbprint <String> [-Server <ServerIdParameter>] <COMMON PARAMETERS>
Export-ExchangeCertificate [-Identity <ExchangeCertificateIdParameter>] <COMMON PARAMETERS>
COMMON PARAMETERS: [-BinaryEncoded <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-FileName <String>] [-Password <SecureString>] [-WhatIf [<SwitchParameter>]]

This example exports a certificate specified by its thumbprint, along with the private key, to a file named htcert.pfx in the certificates directory on a Hub Transport server. The exported certificate is DER-encoded. A password is required when exporting a certificate with its private key.

The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.

$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password

The following command uses the Set-Content cmdlet to write data stored in the variable $file to the file htcert.pfx.

Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte
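The same export, extended with the handling a file that contains a private key calls for. This is an added example, not part of the original Microsoft topic: it prompts for the password only, restricts the file's ACL before any key material is written, and confirms that the written PFX opens with the password, matches the thumbprint and contains the private key. It assumes an elevated Exchange Management Shell and an existing c:\certificates directory; the choice of ACL principals is illustrative.

```powershell
# Added example. Thumbprint and path are the ones used in the example above.
$thumbprint = '5113ae0233a72fccb75b1d0198628675333d010e'
$pfxPath    = 'c:\certificates\htcert.pfx'

# Prompt for the PFX password only; no user name field is involved.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Create the file empty and restrict its ACL before the key is written:
# stop inheriting from the directory and allow only Administrators and SYSTEM.
# (Assumption: the shell is elevated, so the caller keeps access via Administrators.)
New-Item -Path $pfxPath -ItemType File -Force | Out-Null
$acl = Get-Acl -Path $pfxPath
$acl.SetAccessRuleProtection($true, $false)
foreach ($principal in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $principal, 'FullControl', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $pfxPath -AclObject $acl

# Export to a variable, then write the DER bytes into the protected file.
$file = Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true -Password $password
Set-Content -Path $pfxPath -Value $file.FileData -Encoding Byte

# Verify the result by loading the file back with the same password.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $pfxPath, $password
try {
    # -ne is case-insensitive, so the upper-case Thumbprint property compares correctly.
    if ($check.Thumbprint -ne $thumbprint -or -not $check.HasPrivateKey) {
        Remove-Item -Path $pfxPath -Force
        throw 'Exported PFX failed verification; the file was removed.'
    }
    'Exported {0} (private key present: {1})' -f $check.Subject, $check.HasPrivateKey
}
finally {
    # Release the loaded certificate and its key handle.
    $check.Reset()
}
```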

The Export-ExchangeCertificate cmdlet creates either of the following files:

  • PKCS #10 file: If the thumbprint specified in the command points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10: Certification Request Syntax.

  • PKCS #12 file: If the thumbprint specified in the command points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax standard specified by RSA Laboratories. For more information, see PKCS #12: Personal Information Exchange Syntax Standard.

    Important:
    When you use the Export-ExchangeCertificate cmdlet, you must export certificate data to a variable, as shown in the example in this topic, and then use the Set-Content cmdlet to write the data to a file. For more information about the Set-Content cmdlet, see Set-Content.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange infrastructure and PowerShell permissions topic.

 

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| Thumbprint | Required | System.String | The Thumbprint parameter specifies the thumbprint of the certificate that you're exporting. Each certificate contains a thumbprint, which is the digest of the certificate data. It can be retrieved by using the Get-ExchangeCertificate cmdlet. |
| BinaryEncoded | Optional | System.Management.Automation.SwitchParameter | The BinaryEncoded parameter specifies how the exported file is encoded. By default, this command creates a Base64-encoded file. To create a DER-encoded file, set this parameter to $true. |
| Confirm | Optional | System.Management.Automation.SwitchParameter | The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on whether the cmdlet requires confirmation before proceeding. Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false. Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you to acknowledge the command before proceeding. |
| DomainController | Optional | Microsoft.Exchange.Data.Fqdn | The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com. The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data. |
| FileName | Optional | System.String | The FileName parameter specifies the name of the file that will contain the exported certificate. |
| Identity | Optional | Microsoft.Exchange.Configuration.Tasks.ExchangeCertificateIdParameter | The Identity parameter specifies the certificate ID. |
| Password | Optional | System.Security.SecureString | The Password parameter specifies the password for the private key that's exported with this command. Use the Get-Credential cmdlet to store the password variable. The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. For implementation details, see the example in this topic. |
| Server | Optional | Microsoft.Exchange.Configuration.Tasks.ServerIdParameter | The Server parameter specifies the server name from which you want to export the certificate. |
| WhatIf | Optional | System.Management.Automation.SwitchParameter | The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch. |

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet returns, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

 
© 2016 Microsoft