Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-06-28

Use the Get-ExchangeCertificate cmdlet to view certificates that are in the local certificate store.

Syntax

Get-ExchangeCertificate [-Thumbprint <String>] [-DomainName <MultiValuedProperty>]
Get-ExchangeCertificate [-DomainName <MultiValuedProperty>] [-Instance <X509Certificate2>]

Parameters

Parameter Required Type Description

DomainName

Optional

Microsoft.Exchange.Data.MultiValuedProperty

Use this parameter to return all certificates that contain the domain name that you specify in Subject Name field or the Subject Alternative Name field.

Instance

Optional

System.Security.Cryptography.X509Certificates.X509Certificate2

Use this parameter to pass a whole object to the command to be processed. This parameter is mainly used in scripts where a whole object must be passed to the command.

Thumbprint

Optional

System.String

Use this parameter to return the certificate with a matching thumbprint. Each certificate contains a thumbprint, which is the digest of the certificate data.

Detailed Description

To run the Get-ExchangeCertificate cmdlet, the account you use must be delegated the following:

  • Exchange View-Only Administrator role

To run the Get-ExchangeCertificate cmdlet on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error Description

 

Exceptions

Exceptions Description

 

Example

The first example returns all certificates stored in the local computer certificate store.

The second example returns the details, in a formatted list, about a specific certificate stored in the local computer certificate store.

Note:
The Thumbprint parameter is a positional parameter so only the Thumbprint value must be supplied.

The third example shows which certificate Exchange will pick for the Domain name, mail.contoso.com. A send or receive connector selects the certificate to use based on the FQDN of the connector. If you have multiple certificates with the same FQDN, you can see which certificate Exchange will pick by using the DomainName parameter. The first certificate returned is the certificate Exchange will pick.

Copy Code
Get-ExchangeCertificate
Get-ExchangeCertificate 5113ae0233a72fccb75b1d0198628675333d010e | fl
Get-ExchangeCertificate -DomainName mail1.contoso.com