Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-08-25
Microsoft Exchange Server 2010 creates a self-signed certificate during installation that uses all the server and domain names that are known to it at the time of installation. However, you can also use certificates that are signed by a Certification Authority (CA). After you have sent the certificate request to a CA, the CA issues a certificate or chain of certificates. In both cases, the certificates are delivered as files that you must install with the Import-ExchangeCertificate cmdlet.
|Do not use the Certificate Manager snap-in to import the certificates for any service on an Exchange server. Using the Certificate Manager snap-in to import certificates on Exchange servers will fail. Therefore, TLS or other Exchange certificate services will not work.|
Looking for other management tasks related to certificates? Check out Certificates.
- You must first generate a certificate request and send that
request to your CA. For detailed steps, see Generate Request for
Third-Party Certificate Services.
- You must place the certificates issued by your CA at a location
accessible on your network.
Use the Shell to install certificates issued by a CA
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Certificate management" entry in the Transport Permissions topic.
|You can't use the EMC to install certificates issued by a CA.|
You use the Import-ExchangeCertificate cmdlet to install a certificate issued by your CA. The following example shows how to import and enable a certificate for SMTP TLS:
Import-ExchangeCertificate -FileData ([Byte]$(Get-Content -Path c:\certificates\newcert.cer -Encoding Byte -ReadCount 0)) | Enable-ExchangeCertificate -Services SMTP
The following example shows how to import a certificate and enable it for a Client Access server that supports POP3 clients.
Import-ExchangeCertificate -FileData ([Byte]$(Get-Content -Path c:\certificates\newcert.p7b -Encoding Byte -ReadCount 0)) | Enable-ExchangeCertificate -Services IIS,POP