Table of Contents
Installing a certificate in Exchange Server is important for ensuring security. An SSL certificate is essential to protect the server. We already have an SSL certificate that needs to be imported into the Exchange Server, and there are two ways to do this.
- One way to install the certificate is through the Exchange Admin Center.
- An alternative approach is to use PowerShell to install an Exchange certificate.
Create shared folder
No matter how you install the certificate, the first step is to create a shared folder and store the SSL certificate in it. Make sure to set the right permissions for the folder, like those for the SYSTEM account. If the permissions aren’t set correctly, importing the certificate will fail and throw an error.
Import certificate in Exchange Server
Starting with Exchange Server 2016 CU23 and later versions, as well as Exchange Server 2019 CU12 and beyond, importing the Exchange certificate must be done exclusively through PowerShell (Exchange Management Shell).
Import Exchange certificate with PowerShell
Launch the Exchange Management Shell with administrative privileges, and run the following command to import the certificate.
Import-ExchangeCertificate `
-Server "MBX01" `
-FileData ([System.IO.File]::ReadAllBytes('\\dc01\cert\result.pfx')) `
-PrivateKeyExportable:$true `
-Password (ConvertTo-SecureString -String '123456' -AsPlainText -Force)Thumbprint Services Subject
---------- -------- -------
D83496F75206C32C5451D4361ACDBD21E2DD8AC1 ....S.. CN=*.bonguides.meImport Exchange certificate in Exchange Admin Center
If you’re running an Exchange Server version older than Exchange Server 2016 CU23 or Exchange Server 2019 CU12, you can use the Exchange Admin Center to import the certificate.
To import an Exchange Certificate, log in to the Exchange Admin Center, go to the ‘servers’ section in the feature pane, and click on the ‘certificates’ tab. Next, select ‘More options’ (…) and choose ‘Import Exchange Certificate’.
A new window will open. Enter the path to the Exchange certificate, fill in the password field, or leave it blank if the certificate doesn’t have a password. Finally, click ‘Next’.
Click the “+” (Add) button to choose the Exchange Server. Select the server where the new certificate will be installed, then click “Add” and finish by clicking “OK.”
The certificate has been successfully imported into the Exchange Server, and the next step is to assign it to the Exchange services.
Assign Exchange services to certificate
Double-click the certificate you imported.
From the left menu, choose ‘Services’. Assign the certificate to the Exchange services you want, then click ‘Save’. For example, in this case, the SMTP, IMAP, and IIS services are selected.
If you try to overwrite the existing certificate, a warning will pop up. Simply click ‘Yes’ to continue.
Choose the certificate from the list view to see the assigned services in the details pane. The certificate is linked to the services we selected.
Once you’ve imported a certificate using PowerShell, run this command to assign it to the Exchange services.
Enable-ExchangeCertificate –Thumbprint D83496F75206C32C5451D4361ACDBD21E2DD8AC1 –Services "IIS, SMTP, POP, IMAP"Not a reader? Watch this related video tutorial:
