Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-11-19
Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer. You can export a certificate with its private key or a certificate request file.
Syntax
```
Export-ExchangeCertificate -Thumbprint <String> [-BinaryEncoded <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Password <SecureString>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]]
```
Detailed Description
The Export-ExchangeCertificate cmdlet creates either of the following files:
- PKCS #10 file: If the thumbprint specified in the command points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10: Certification Request Syntax.
- PKCS #12 file: If the thumbprint specified in the command points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax standard specified by RSA Laboratories. For more information, see PKCS #12: Personal Information Exchange Syntax Standard.
Important: When you use the Export-ExchangeCertificate cmdlet, you must export certificate data to a variable, as shown in "Examples" later in this topic, and then use the Set-Content cmdlet to write the data to a file. For more information, see Understanding Importing and Exporting Files in the Exchange Management Shell. For more information about the Set-Content cmdlet, see Set-Content.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Thumbprint | Required | System.String | The Thumbprint parameter specifies the thumbprint of the certificate that you're exporting. Each certificate contains a thumbprint, which is the digest of the certificate data. It can be retrieved by using the Get-ExchangeCertificate cmdlet. |
BinaryEncoded | Optional | System.Management.Automation.SwitchParameter | The BinaryEncoded parameter specifies how the exported file is encoded. By default, this command creates a Base64-encoded file. To create a DER-encoded file, set this parameter to |
Confirm | Optional | System.Management.Automation.SwitchParameter | The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch. |
DomainController | Optional | Microsoft.Exchange.Data.Fqdn | The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory. The DomainController parameter isn't supported on the Edge Transport server role. The Edge Transport server role reads only from the Active Directory Lightweight Directory Services (AD LDS) instance. |
Password | Optional | System.Security.SecureString | The Password parameter specifies the password for the private key that's exported with this command. Use the Get-Credential cmdlet to store the password variable. The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. For implementation details, see "Examples" later in this topic. |
Server | Optional | Microsoft.Exchange.Configuration.Tasks.ServerIdParameter | The Server parameter specifies the server name from which you want to export the certificate. |
WhatIf | Optional | System.Management.Automation.SwitchParameter | The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch. |
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.
Examples
EXAMPLE 1
This example exports a certificate specified by its thumbprint, along with the private key, to a file named htcert.pfx in the certificates directory on a Hub Transport server. The exported certificate is DER-encoded. A password is required when exporting a certificate with its private key.
The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.
```powershell
$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password
```
The following command uses the Set-Content cmdlet to write data stored in the variable $file to the file htcert.pfx.
```powershell
Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte
```
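
Because the exported PKCS #12 file carries the private key, the following added example (not part of the original topic) runs the same two-step export, restricts the file's ACL before the key material is written, and then verifies that the file opens with the password and matches the requested thumbprint. The variable names, the use of Read-Host for the password, and the choice of Administrators and SYSTEM as the only permitted accounts are assumptions made for illustration; the directory c:\certificates is assumed to exist.

```powershell
# Added example: run in the Exchange Management Shell on the server that holds the certificate.
$thumbprint = '5113ae0233a72fccb75b1d0198628675333d010e'   # thumbprint from Example 1
$pfxPath    = 'c:\certificates\htcert.pfx'                 # path from Example 1

# Prompt for the private-key password without echoing it (returns a SecureString).
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Confirm the thumbprint resolves to a certificate with a private key before exporting.
$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key." }

# Create the file empty and lock down its ACL before any key material is written.
New-Item -Path $pfxPath -ItemType File -Force | Out-Null
$acl = Get-Acl -Path $pfxPath
$acl.SetAccessRuleProtection($true, $false)                # stop inheriting, drop inherited entries
foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {   # assumed allow-list
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $pfxPath -AclObject $acl

# Export to a variable, then write the bytes with Set-Content, as this topic requires.
$file = Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $file.FileData -Encoding Byte

# Verify: the file must open with the password, match the thumbprint, and hold the key.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
             -ArgumentList $pfxPath, $pfxPassword, $flags
try {
    if ($check.Thumbprint -ne $thumbprint) { throw 'Exported file does not match the requested thumbprint.' }
    if (-not $check.HasPrivateKey)         { throw 'Exported file does not contain the private key.' }
    'Verified {0} ({1})' -f $check.Thumbprint, $check.Subject
}
finally {
    $check.Reset()   # release the key that was loaded only for verification
}
```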