Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-06-28
Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer.
Syntax
Export-ExchangeCertificate -Thumbprint <String> [-BinaryEncoded <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-Password <SecureString>] [-Path <String>] [-WhatIf [<SwitchParameter>]]
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Thumbprint | Required | System.String | Use this parameter to specify the thumbprint of the certificate that you are exporting. Each certificate contains a thumbprint, which is the digest of the certificate data. |
BinaryEncoded | Optional | System.Management.Automation.SwitchParameter | Use this switch parameter to specify how the exported file will be encoded. By default, this cmdlet creates a Base64-encoded file. To create a DER-encoded file, set this parameter to |
Confirm | Optional | System.Management.Automation.SwitchParameter | The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm parameter. |
DomainController | Optional | Microsoft.Exchange.Data.Fqdn | To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service, include the DomainController parameter on the command. The DomainController parameter is not supported on computers that run the Edge Transport server role. The Edge Transport server role reads and writes only to the local ADAM instance. |
Force | Optional | System.Management.Automation.SwitchParameter | Use this switch parameter to overwrite an existing certificate request file that matches the same file path as specified in this cmdlet. By default, this cmdlet will not overwrite existing files. |
Password | Optional | System.Security.SecureString | Use this parameter to specify the password for the key that will be exported with this command. Use the Get-Credential cmdlet to store the password variable. The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. See the example for implementation details. |
Path | Optional | System.String | Use this parameter to specify a path of the resulting PKCS #10 file or PKCS #12 file. You must specify the name of the file when you use this parameter. For PKCS #10 (certificate request), the extension must be .req. For PKCS #12 (certificate), the extension must be .pfx or .p12. The following code shows examples of a PKCS #10 file or PKCS #12 file respectively: |
WhatIf | Optional | System.Management.Automation.SwitchParameter | The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter. |
Detailed Description
The Export-ExchangeCertificate cmdlet creates either of the following files:
- A PKCS #10 file
- A PKCS #12 file
If the thumbprint that is specified in the cmdlet points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax Standard that is specified by RFC 2314 (http://www.ietf.org/rfc/rfc2314.txt).
If the thumbprint that is specified in the cmdlet points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax Standard that is specified by RSA (http://www.rsasecurity.com/rsalabs/node.asp?id=2138).
Note: |
---|
The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice. |
To run the Export-ExchangeCertificate cmdlet, the account you use must be delegated the following:
- Exchange Server Administrator role and local Administrators group for the target server
To run the Export-ExchangeCertificate cmdlet on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.
Input Types
Return Types
Errors
Error | Description |
---|---|
|
Exceptions
Exceptions | Description |
---|---|
|
Example
The following example exports a DER-encoded certificate to a local directory on the computer.
Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password
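The following is an added example, not part of the original topic. It wraps the same export with the file-extension check from the Path parameter, restricts the exported key file to local Administrators and SYSTEM, and confirms that the file holds the expected certificate. It assumes the Exchange Management Shell on the server that holds the certificate, and it prompts with Read-Host -AsSecureString in place of Get-Credential; the permission and verification steps use standard PowerShell and .NET calls, not Exchange cmdlets.

```powershell
# Added example (not from the original topic). Run in the Exchange Management Shell.
$Thumbprint = '5113ae0233a72fccb75b1d0198628675333d010e'  # thumbprint from the example above
$ExportPath = 'C:\certificates\export.pfx'                # path from the example above

# Path rule from the parameter table: a PKCS #12 export must end in .pfx or .p12.
$ext = [System.IO.Path]::GetExtension($ExportPath).ToLower()
if (@('.pfx', '.p12') -notcontains $ext) {
    throw "PKCS #12 export requires a .pfx or .p12 file name, got '$ext'."
}

# Prompt for the password as a SecureString so it is never typed on the command line.
$Password = Read-Host -Prompt 'Password for the exported key' -AsSecureString

Export-ExchangeCertificate -Thumbprint $Thumbprint -BinaryEncoded:$true `
    -Path $ExportPath -Password:$Password

# The exported file carries the key, so replace inherited permissions with
# explicit entries for BUILTIN\Administrators (S-1-5-32-544) and Local System (S-1-5-18).
$acl = Get-Acl -Path $ExportPath
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited entries
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $ExportPath -AclObject $acl

# Open the file with the same password and compare thumbprints
# (-eq and -ne compare strings case-insensitively).
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ExportPath, $Password)
$matches = ($pfx.Thumbprint -eq $Thumbprint)
$pfx.Reset()                                  # release the loaded certificate and key handle
if (-not $matches) {
    throw "Exported file does not contain certificate $Thumbprint."
}
```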