Certificate Installation: Exchange 2010 (PowerShell)
Posted by Technical Support PT, Last modified by Support Team Lead - FL on January 28 2016 18:10

Once you receive your certificate issuance ZIP file, extract the file(s) contained in the ZIP file to the server. We recommend extracting these to the Desktop or a new directory all together.

Option 1

From the Exchange Management Shell, run the following command to install the server, root, and intermediate certificates to their respective certificate stores:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\YOUR_CERTIFICATE.cer -Encoding byte -ReadCount 0))

Note: If you received .crt(s) instead of one .cer file, then you will want to ensure that YOUR_CERTIFICATE.cer is YOUR_ORDER_NUMBER.crt or YOUR_FQDN.crt. As a result of this format, you may need to install the Root & Intermediate certificate(s) on your server manually. See Related Articles section of this document for more details on how to do this.

Make sure there are no spaces in your path. As a result of running this command, it should output a thumbprint. (In the event you've lost your thumbprint, you can copy it from the MMC Certificates Snap-in.)

Then, to enable the services, run the following:

Exchange 2007:
Enable-ExchangeCertificate -Thumbprint 1234ae0567a72fccb75b1d0198628675333d010e -Services "POP,IMAP,SMTP,IIS"

Note: replace thumbprint 1234 with $your_Thumbprint

(This assumes that you'll be running the above services)

Exchange 2010:
Enable-ExchangeCertificate -Thumbprint 1234ae0567a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

Note: replace thumbprint 1234 with $your_Thumbprint

Option 2

Alternatively you can run the following command to import & enable services in one line.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\YOUR_CERTIFICATE.cer -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

Related Articles

(1296 vote(s))
Not helpful

Comments (0)