Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-06-28

Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer.

Syntax

Export-ExchangeCertificate -Thumbprint <String> [-BinaryEncoded <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-Password <SecureString>] [-Path <String>] [-WhatIf [<SwitchParameter>]]

Parameters

Parameter: Thumbprint
Required: Required
Type: System.String
Description: Use this parameter to specify the thumbprint of the certificate that you are exporting. Each certificate contains a thumbprint, which is the digest of the certificate data.

Parameter: BinaryEncoded
Required: Optional
Type: System.Management.Automation.SwitchParameter
Description: Use this switch parameter to specify how the exported file will be encoded. By default, this cmdlet creates a Base64-encoded file.

To create a DER-encoded file, set this parameter to $true.

Parameter: Confirm
Required: Optional
Type: System.Management.Automation.SwitchParameter
Description: The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm parameter.

Parameter: DomainController
Required: Optional
Type: Microsoft.Exchange.Data.Fqdn
Description: To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service, include the DomainController parameter on the command. The DomainController parameter is not supported on computers that run the Edge Transport server role. The Edge Transport server role reads and writes only to the local ADAM instance.

Parameter: Force
Required: Optional
Type: System.Management.Automation.SwitchParameter
Description: Use this switch parameter to overwrite an existing certificate request file that matches the file path specified in this cmdlet.

By default, this cmdlet will not overwrite existing files.

Parameter: Password
Required: Optional
Type: System.Security.SecureString
Description: Use this parameter to specify the password for the key that will be exported with this command. Use the Get-Credential cmdlet to store the password variable.

The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. See the example for implementation details.

Parameter: Path
Required: Optional
Type: System.String
Description: Use this parameter to specify the path of the resulting PKCS #10 file or PKCS #12 file.

You must specify the name of the file when you use this parameter. For PKCS #10 (certificate request), the extension must be .req. For PKCS #12 (certificate), the extension must be .pfx or .p12. The following code shows example paths for a PKCS #10 file and a PKCS #12 file, respectively:

-Path c:\certificates\myrequest.req
-Path c:\certificates\mycert.pfx

Parameter: WhatIf
Required: Optional
Type: System.Management.Automation.SwitchParameter
Description: The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter.

Detailed Description

The Export-ExchangeCertificate cmdlet creates either of the following files:

  • A PKCS #10 file

  • A PKCS #12 file

If the thumbprint that is specified in the cmdlet points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax Standard that is specified by RFC 2314 (http://www.ietf.org/rfc/rfc2314.txt).

If the thumbprint that is specified in the cmdlet points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax Standard that is specified by RSA (http://www.rsasecurity.com/rsalabs/node.asp?id=2138).

Note:
The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice.
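
The following is an added example, not part of the original topic or of Exchange itself: it inspects a file that the cmdlet wrote and reports whether it is Base64 or DER encoded and whether it is a PKCS #10 request or a PKCS #12 file that can carry a private key. The function name Get-ExportedFileKind is hypothetical, and the handling of "-----BEGIN" armor lines in Base64 output is an assumption.

```powershell
# Added example: classify a file written by Export-ExchangeCertificate from its bytes.
# Get-ExportedFileKind is a hypothetical helper name, not an Exchange cmdlet.
function Get-ExportedFileKind {
    param([string]$Path)

    $bytes    = [System.IO.File]::ReadAllBytes($Path)
    $encoding = 'DER'

    # A DER file starts with the ASN.1 SEQUENCE tag 0x30; anything else is treated as Base64 text.
    if ($bytes[0] -ne 0x30) {
        $text = [System.Text.Encoding]::ASCII.GetString($bytes)
        # Assumption: remove "-----BEGIN ...-----" / "-----END ...-----" lines if any are present.
        $text     = [regex]::Replace($text, '-----[^-]+-----', '')
        $bytes    = [System.Convert]::FromBase64String($text)
        $encoding = 'Base64'
    }
    if ($bytes.Length -lt 4 -or $bytes[0] -ne 0x30) { throw "$Path is not ASN.1 DER data" }

    # Skip the outer SEQUENCE header: one tag byte plus a short-form or long-form length.
    $headerLength = 2
    if ($bytes[1] -band 0x80) { $headerLength += ($bytes[1] -band 0x7F) }
    if ($headerLength -ge $bytes.Length) { throw "$Path has a truncated ASN.1 header" }

    # First inner element: a PKCS #12 PFX begins with an INTEGER version (tag 0x02),
    # a PKCS #10 request begins with the CertificationRequestInfo SEQUENCE (tag 0x30).
    # This only separates the two file types this cmdlet writes.
    $innerTag = $bytes[$headerLength]
    if     ($innerTag -eq 0x02) { $kind = 'PKCS #12 (certificate, may hold the private key)' }
    elseif ($innerTag -eq 0x30) { $kind = 'PKCS #10 (certificate request, no private key)' }
    else                        { $kind = 'Unknown' }

    New-Object PSObject |
        Add-Member NoteProperty Path $Path -PassThru |
        Add-Member NoteProperty Encoding $encoding -PassThru |
        Add-Member NoteProperty Kind $kind -PassThru
}

# File names reused from the Path parameter description in this topic.
Get-ExportedFileKind -Path 'c:\certificates\myrequest.req'
Get-ExportedFileKind -Path 'c:\certificates\mycert.pfx'
```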

To run the Export-ExchangeCertificate cmdlet, the account you use must be delegated the following:

  • Exchange Server Administrator role and local Administrators group for the target server

To run the Export-ExchangeCertificate cmdlet on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Example

The following example exports a DER-encoded certificate to a local directory on the computer.

Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password
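
The following added example, which is not part of the original topic, runs the same export and then re-opens the file to confirm that it contains the intended certificate and that the password protects it. It assumes the thumbprint and path from the example above, prompts with Read-Host -AsSecureString in place of Get-Credential, and uses the .NET X509Certificate2 class for the check.

```powershell
# Added example; the thumbprint and path are the values from this topic's own example.
$thumbprint = '5113ae0233a72fccb75b1d0198628675333d010e'
$pfxPath    = 'c:\certificates\export.pfx'

# Prompt for the export password as a SecureString (used here instead of Get-Credential,
# so no user name field is involved).
$password = Read-Host -Prompt 'Password for the exported key' -AsSecureString

# Preview the action first, then export a DER-encoded PKCS #12 file.
# Without -Force, an existing file at $pfxPath is not overwritten.
Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true -Path $pfxPath -Password:$password -WhatIf
Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true -Path $pfxPath -Password:$password

# Re-open the exported file with the same password. A wrong password or a damaged
# file makes the constructor fail, which is the first check.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password)

# Second check: the file holds the certificate that was requested.
# -ne compares strings case-insensitively, so upper- and lower-case hex both match.
if ($pfx.Thumbprint -ne $thumbprint) {
    throw "Exported file holds $($pfx.Thumbprint), expected $thumbprint"
}

"Subject:         " + $pfx.Subject
"Expires:         " + $pfx.NotAfter
"Has private key: " + $pfx.HasPrivateKey

# Release the loaded certificate object once the checks are done.
$pfx.Reset()

# The file can contain the private key, so review who is able to read it.
(Get-Acl $pfxPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```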