Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can use the Shell to export a Secure Sockets Layer (SSL) certificate. An SSL certificate is installed on a Microsoft Exchange Server 2010 Client Access server. The SSL certificate enables the Client Access server to encrypt communications with clients by using SSL technology. The SSL certificate installed on the Client Access server can be the default self-signed certificate, a certificate from a Windows public key infrastructure (PKI) certification authority (CA), or a certificate from a trusted commercial third-party CA.

You can export an existing certificate or a certificate request. To install a copy of the SSL certificate on a client computer or a mobile phone, the certificate must be exported by using the Export-ExchangeCertificate cmdlet.

Previous versions of Microsoft Exchange let you use Internet Information Services (IIS) to save a copy of the certificate. Although IIS will still let you save a copy of the certificate in Exchange 2010, we don't recommend that you do this. Use the Export-ExchangeCertificate cmdlet to generate a copy of the certificate for importing to another server, client computer, or mobile phone.

After you've exported the SSL certificate in the form of a PKCS #12 file, the file can then be imported by the following:

Looking for other management tasks related to SSL? Check out Managing SSL for a Client Access Server.

Use the Shell to export an SSL certificate

The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.

Copy Code
$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password

For more information about syntax and parameters, see Export-ExchangeCertificate.