Table of Contents
How to install a certificate in Exchange Server? It’s important to secure the Exchange Server with an SSL certificate. We have an SSL certificate that we like to import in Exchange Server. There are two ways to do that. One way is to install the certificate in Exchange Admin Center. The other way is to install Exchange certificate with PowerShell. In this article, we will import a certificate with PowerShell and Exchange Admin Center.
Create shared folder
Create a shared folder and place the SSL certificate in the folder. Make sure to assign permissions to the folder. For example, the SYSTEM account. If you don’t give permission, you cannot import the certificate, and an error will appear.
Import certificate in Exchange Server
Starting from Exchange Server 2016 CU23 and later and Exchange Server 2019 CU12 and later, the only option to import the Exchange certificate is with PowerShell (Exchange Management Shell).
Import Exchange certificate with PowerShell
Run Exchange Management Shell as administrator. Next, run the below command to import the certificate.
[PS] C:\>Import-ExchangeCertificate -Server "MBX" -FileData ([System.IO.File]::ReadAllBytes('\\mbx\ssl\renewed_certificate.pfx')) -PrivateKeyExportable:$true -Password (ConvertTo-SecureString -String '1' -AsPlainText -Force)
Thumbprint Services Subject
---------- -------- -------
D83496F75206C32C5451D4361ACDBD21E2DD8AC1 ....S.. CN=*.bonguides.meImport Exchange certificate in Exchange Admin Center
Suppose you have Exchange Server which is not running Exchange Server 2016 CU23 and later or Exchange Server 2019 CU12 and later, you can import the certificate in Exchange Admin Center.
Sign in to Exchange Admin Center. Click servers in the feature pane and click certificates in the tabs. Click … (More options) and select Import Exchange Certificate.
A new window will show up. Insert the path to the Exchange certificate. Fill in the password field. If there is no password configured for the certificate, you can leave it empty. Click Next.
Click + (Add) to select the Exchange Server. Select the Exchange Server. This is the server where the new certificate is going to be installed. Click Add and OK.
The certificate is imported in Exchange Server. The next step is to assign the certificate to the Exchange services.
Assign Exchange services to certificate
Double click on the imported certificate.
Click services in the left menu. Specify the Exchange services to assign this certificate to. Click Save.
In my example, the services SMTP, IMAP, and IIS are checked.
A warning appears if you want to overwrite the existing certificate. Click Yes.
Click the certificate in the list view. See the assigned services in the details pane. It’s assigned to the services that we selected.
If you’ve imported a certificate using PowerShell, you can run this command to assign the certificate to the Exchange services.
Enable-ExchangeCertificate –Thumbprint D83496F75206C32C5451D4361ACDBD21E2DD8AC1 –Services "IIS, SMTP, POP, IMAP"
