Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Get-ExchangeCertificate cmdlet to view certificates in the local certificate store.

Syntax

Get-ExchangeCertificate [-Thumbprint <String>] [-DomainController <Fqdn>] [-DomainName <MultiValuedProperty>] [-Server <ServerIdParameter>]
Get-ExchangeCertificate [-DomainController <Fqdn>] [-DomainName <MultiValuedProperty>] [-Instance <X509Certificate2>] [-Server <ServerIdParameter>]

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| DomainController | Optional | Microsoft.Exchange.Data.Fqdn | The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory. The DomainController parameter isn't supported on the Edge Transport server role. The Edge Transport server role reads only from the Active Directory Lightweight Directory Services (AD LDS) instance. |
| DomainName | Optional | Microsoft.Exchange.Data.MultiValuedProperty | The DomainName parameter specifies whether to return all certificates that contain the specified domain name in the Subject Name or the Subject Alternative Name fields. |
| Instance | Optional | System.Security.Cryptography.X509Certificates.X509Certificate2 | The Instance parameter is no longer used and will be deprecated. |
| Server | Optional | Microsoft.Exchange.Configuration.Tasks.ServerIdParameter | The Server parameter specifies the server name from which you want to get the certificate. |
| Thumbprint | Optional | System.String | The Thumbprint parameter specifies a certificate thumbprint. Each certificate contains a thumbprint, which is the digest of the certificate data. |

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet returns, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE 1

This example returns all certificates stored in the local computer certificate store.

Get-ExchangeCertificate

EXAMPLE 2

This example returns the properties of a specified certificate in a formatted list.

Note: The Thumbprint parameter is a positional parameter, so you can provide only the thumbprint value without the Thumbprint parameter name.

Get-ExchangeCertificate 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List *

EXAMPLE 3

This example shows which certificate Exchange will select for the domain name mail.contoso.com. A Send or Receive connector selects the certificate to use based on the fully qualified domain name (FQDN) of the connector. If you have multiple certificates with the same FQDN, you can see which certificate Exchange will select by using the DomainName parameter to specify the FQDN. The first certificate returned is the certificate Exchange will select.

Get-ExchangeCertificate -DomainName mail.contoso.com
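
The following script is an added example, not part of the original topic. It builds on Example 3 by listing every certificate that matches the FQDN in the order returned, marking the first one as the certificate Exchange will select, and flagging conditions worth fixing before that certificate is presented for TLS. It assumes the Exchange Management Shell and that the returned objects expose the NotBefore, NotAfter, IsSelfSigned, Services and Status properties shown by Format-List *; the 30-day threshold is an assumed value.

```powershell
# Added example: run in the Exchange Management Shell (PowerShell 2.0 compatible).
$Fqdn     = 'mail.contoso.com'   # FQDN used in Example 3
$WarnDays = 30                   # assumed renewal threshold; adjust to local policy

# Keep the returned order: per Example 3, the first certificate is the one selected.
$certs = @(Get-ExchangeCertificate -DomainName $Fqdn)

if ($certs.Count -eq 0) {
    Write-Warning "No certificate lists $Fqdn in Subject Name or Subject Alternative Name."
}
else {
    $now  = Get-Date
    $rank = 0
    $report = foreach ($c in $certs) {
        $rank++
        $findings = @()
        if ($c.NotBefore -gt $now)    { $findings += 'not yet valid' }
        if ($c.NotAfter  -lt $now)    { $findings += 'expired' }
        elseif ($c.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "expires within $WarnDays days"
        }
        if ($c.IsSelfSigned)          { $findings += 'self-signed' }
        # Compare as text so this works with both live and deserialized (remoting) objects.
        if ("$($c.Services)" -notmatch '\bSMTP\b') { $findings += 'not enabled for SMTP' }
        if ("$($c.Status)" -ne 'Valid')            { $findings += "status: $($c.Status)" }

        New-Object PSObject -Property @{
            Rank       = $rank
            Selected   = ($rank -eq 1)
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            Services   = "$($c.Services)"
            Findings   = ($findings -join ', ')
        }
    }

    $report | Select-Object Rank, Selected, Thumbprint, NotAfter, Services, Findings |
        Format-Table -AutoSize

    # Call out problems on the certificate that will actually be used.
    $selected = $report | Where-Object { $_.Selected }
    if ($selected.Findings) {
        Write-Warning "Selected certificate $($selected.Thumbprint): $($selected.Findings)"
    }
    if ($certs.Count -gt 1) {
        Write-Warning "$($certs.Count) certificates match $Fqdn; review whether older ones should be removed."
    }
}
```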