Applies to: Exchange Server 2010 SP2, Exchange Server 2010 SP3

Topic Last Modified: 2015-03-09

Use the Get-ExchangeCertificate cmdlet to view certificates in the local certificate store.

Get-ExchangeCertificate [-Thumbprint <String>] [-DomainController <Fqdn>] [-DomainName <MultiValuedProperty>] [-Server <ServerIdParameter>]

Get-ExchangeCertificate [-DomainController <Fqdn>] [-DomainName <MultiValuedProperty>] [-Instance <X509Certificate2>] [-Server <ServerIdParameter>]

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.


| Parameter | Required | Type | Description |
|---|---|---|---|
| DomainController | Optional | Fqdn | The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory. The DomainController parameter isn't supported on the Edge Transport server role. The Edge Transport server role reads only from the Active Directory Lightweight Directory Services (AD LDS) instance. |
| DomainName | Optional | MultiValuedProperty | The DomainName parameter specifies whether to return all certificates that contain the specified domain name in the Subject Name or the Subject Alternative Name fields. |
| Instance | Optional | X509Certificate2 | The Instance parameter is no longer used and will be deprecated. |
| Server | Optional | ServerIdParameter | The Server parameter specifies the server name from which you want to get the certificate. |
| Thumbprint | Optional | String | The Thumbprint parameter specifies a certificate thumbprint. Each certificate contains a thumbprint, which is the digest of the certificate data. |

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, for this cmdlet, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

This example returns all certificates stored in the local computer certificate store.


This example returns the properties of a specified certificate in a formatted list.

The Thumbprint parameter is a positional parameter so you can provide only the thumbprint value without the Thumbprint parameter name.
Get-ExchangeCertificate 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List *

This example shows which certificate Exchange will select for the domain name. A Send or Receive connector selects the certificate to use based on the fully qualified domain name (FQDN) of the connector. If you have multiple certificates with the same FQDN, you can see which certificate Exchange will select by using the DomainName parameter to specify the FQDN. The first certificate returned is the certificate Exchange will select.

Get-ExchangeCertificate -DomainName
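
The selection check above can be paired with a review of each candidate certificate, so that the one Exchange will pick is not close to expiry, self-signed, or missing its private key. The following PowerShell is an added example, not part of the original topic. The function name Test-ConnectorCertificate, the helper New-SampleCert, the sample objects and the FQDN mail.example.com are assumptions; NotBefore, NotAfter, IsSelfSigned, HasPrivateKey, Status and Thumbprint are read as properties of the certificate objects the cmdlet returns.

```powershell
# Added example (hypothetical function name). Input: certificates in the order
# Get-ExchangeCertificate -DomainName returns them; the first is the one selected.
function Test-ConnectorCertificate {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Certificate,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    $rank = 0
    foreach ($cert in $Certificate) {
        $rank++
        $findings = @()
        if ($cert.NotBefore -gt $Now) { $findings += 'not yet valid' }
        if ($cert.NotAfter -lt $Now) { $findings += 'expired' }
        elseif ($cert.NotAfter -lt $Now.AddDays($WarnDays)) { $findings += "expires within $WarnDays days" }
        if ($cert.IsSelfSigned) { $findings += 'self-signed' }
        if (-not $cert.HasPrivateKey) { $findings += 'no private key' }
        if ("$($cert.Status)" -ne 'Valid') { $findings += "status $($cert.Status)" }

        # Add-Member keeps the column order stable on PowerShell 2.0
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Selected ($rank -eq 1)
        $row | Add-Member NoteProperty Thumbprint $cert.Thumbprint
        $row | Add-Member NoteProperty NotAfter $cert.NotAfter
        $row | Add-Member NoteProperty Findings ($findings -join '; ')
        $row
    }
}

# Constructed sample objects standing in for cmdlet output, so the function
# can be tried without an Exchange server. Thumbprints are placeholders.
function New-SampleCert($thumb, $from, $to, $selfSigned) {
    New-Object PSObject -Property @{
        Thumbprint = $thumb; NotBefore = [datetime]$from; NotAfter = [datetime]$to
        IsSelfSigned = $selfSigned; HasPrivateKey = $true; Status = 'Valid'
    }
}
$sample = @(
    (New-SampleCert ('A' * 40) '2014-01-01' '2015-03-20' $false),
    (New-SampleCert ('B' * 40) '2014-06-01' '2019-06-01' $true)
)
# A fixed review date keeps the sample output reproducible
Test-ConnectorCertificate -Certificate $sample -Now ([datetime]'2015-03-09') |
    Format-Table -AutoSize

# In the Exchange Management Shell (the FQDN is a placeholder):
# Test-ConnectorCertificate -Certificate @(Get-ExchangeCertificate -DomainName 'mail.example.com')
```

With the sample data, the first row is marked as selected and flagged as expiring within 30 days, and the second is flagged as self-signed.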