Table of Contents
Installing a certificate in Exchange Server is crucial for security. An SSL certificate is necessary to safeguard the Exchange Server. We possess an SSL certificate that we need to import into the Exchange Server, and there are two methods to accomplish this.
- Installing the certificate through the Exchange Admin Center is one method.
- Another method is to install an Exchange certificate using PowerShell.
Create shared folder
No matter the method used to install the certificate, the initial step is to create a shared folder and place the SSL certificate within it. It’s crucial to set the appropriate permissions for the folder, such as those for the SYSTEM account. Without the correct permissions, importing the certificate will fail and result in an error.
Import certificate in Exchange Server
Beginning with Exchange Server 2016 CU23 and subsequent versions, as well as Exchange Server 2019 CU12 and later, importing the Exchange certificate can only be done using PowerShell (Exchange Management Shell).
Import Exchange certificate with PowerShell
Open the Exchange Management Shell as an administrator. Then, execute the following command to import the certificate.
Import-ExchangeCertificate `
-Server "MBX01" `
-FileData ([System.IO.File]::ReadAllBytes('\\dc01\cert\result.pfx')) `
-PrivateKeyExportable:$true `
-Password (ConvertTo-SecureString -String '123456' -AsPlainText -Force)Thumbprint Services Subject
---------- -------- -------
D83496F75206C32C5451D4361ACDBD21E2DD8AC1 ....S.. CN=*.bonguides.meImport Exchange certificate in Exchange Admin Center
If you are using an Exchange Server version earlier than Exchange Server 2016 CU23 or Exchange Server 2019 CU12, you can import the certificate through the Exchange Admin Center.
To import an Exchange Certificate, sign in to the Exchange Admin Center, navigate to the ‘servers’ in the feature pane, and select ‘certificates’ in the tabs. Then click on ‘More options’ (…) and choose ‘Import Exchange Certificate’.
A new window will appear. Enter the path to the Exchange certificate. Complete the password field. If the certificate does not have a password, leave this field blank. Then click ‘Next’.
Click the “+” (Add) button to select the Exchange Server. Choose the server where the new certificate will be installed. Then click “Add” followed by “OK.”
The certificate has been imported into the Exchange Server. The subsequent step involves assigning the certificate to the Exchange services.
Assign Exchange services to certificate
Double-click on the imported certificate.
Select ‘Services’ from the left menu. Assign the certificate to the desired Exchange services. Click ‘Save’. For instance, in this example, the SMTP, IMAP, and IIS services are selected.
A warning will appear if there is an attempt to overwrite the existing certificate. You should click ‘Yes’ to proceed.
Select the certificate from the list view to view the assigned services in the details pane. The certificate is associated with the services we have chosen.
After importing a certificate with PowerShell, execute this command to assign the certificate to the Exchange services.
Enable-ExchangeCertificate –Thumbprint D83496F75206C32C5451D4361ACDBD21E2DD8AC1 –Services "IIS, SMTP, POP, IMAP"Not a reader? Watch this related video tutorial:
