SSL certificates give your organization a way to communicate securely. SSL for Exchange protects email communication. Once you receive your SSL certificate from an official CA, you can import it to your Exchange server. You can also transfer a certificate file from one server to another. This can be done using The Import-Certificate PowerShell cmdlet or manually in your Exchange Server Admin.
Import Using the Exchange Admin
When you export an SSL certificate, you should store the PFX file in a place that the Exchange server can access it. You’ll need this file to import your certificate.
First, open the Exchange admin center and go to the Certificates section. In the left panel, click “Servers.” A list of pending and valid certificates is shown. If you have any pending certificates, this is also where you complete the requests from the certificate authority.
Click the button labeled “…” and select “Import Exchange Certificate.” This starts the wizard that helps you import your PFX file.
In the next window, select the location and name of the PFX file and supply your key’s password. This is the password you chose when you created the certificate. Click “Next.”
The next window asks you for all the Exchange servers you want to import the certificate to. The local server is shown by default, but you can deploy it to your farm if you have several Exchange servers.
Click “Finish” to complete the import, and you’re finished. In the Exchange admin, you should now see the imported certificate listed as a valid certificate for your server.
Import Using PowerShell
Microsoft has been pushing its PowerShell command applet. If you’re not already familiar with PowerShell, you should be. PowerShell cmdlets are available for several commands within the Windows operating system. Microsoft pushes PowerShell especially since its release of Windows Server 2012. If you haven’t gotten familiar with it, you’ll find PowerShell in the Accessories section or just type PowerShell in the Run command in older Windows versions. You can even access PowerShell in Windows 7.
PowerShell is similar to DOS except it uses commandlets, which are small applications that automate some system tasks. One such task is importing SSL certificates to an Exchange server.
After you open PowerShell, you need the following template, which is the command to import your PFX file.
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path \\SERVER\FILE.PFX -Encoding byte -ReadCount 0)) -Password:PASSWORD
The “Path” is the location of the PFX file you have stored on your server. It can be a UNC path on another server, but remember that the Exchange server must be able to access the file and its location.
The “Password” switch is the password to open the file. This is the same certificate password you created when you set up the certificate request.
Just press “Enter” and you’re finished. When PowerShell is finished importing the certificate, it gives you verification by listing the certificate thumbprint and information about the file.
After you’ve imported your file, you can use encrypted services on Exchange.
Leave a Comment