Installation of TLS certificate in Microsoft Exchange 2010 and 2007

This guide describes how to install the certificate on Microsoft Exchange 2010 and 2007. The TLS certificate on Exchange will secure data transfer for all services and connection devices. You can use a Wildcard certificate as well.

Microsoft Exchange logo

Installing the certificate in Microsoft Exchange 2010

The issued SSL certificate is delivered by email. The certificate arrives in text form encoded in Base64 format. Create a .cer file and copy it to your server.

Launch Exchange Management Console from the Start menu > Programs > Microsoft Exchange 2010 > Exchange Management Console. In the middle window select Manage Databases and then in the drop-down menu on Server configuration.

In the middle of the screen you will see a list of certificates on the server. Click Complete Pending Request on the right and select a certificate file in the dialog. Click Complete to upload the certificate to the server.

If you get an error about incorrect file encoding in Base64, ignore it and confirm the dialog. Press F5 to update the certificate list. In the server certificate list, False must be entered in the Self Signed field. If True, you have selected the wrong certificate, or the certificate is actually self-signed.

Now you need to set up certificate-related services. In the right menu, click Assign Services to Certificate. A list of servers appears; go to the next step to select server services. Confirm your selection in the next two steps and click Finish to close the dialog. The certificate is now installed and ready for use on the Exchange server.

If you prefer to install via the PowerShell command line, type the following:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:your_domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

Installing the certificate in Microsoft Exchange 2007

The issued SSL certificate is delivered by email. The certificate arrives in text form encoded in Base64 format. Create a .cer file and copy it to your server.

Via the Start menu > Programs > Microsoft Exchange Server 2007 run Exchange Management Shell.

Then run these commands: Import-ExchangeCertificate -Path C:certificate_name.crt Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

Parametry:

    Import-ExchangeCertificate — Imports a certificate or certificate chain from a CA
    -Path — specifies the path where the certificate should be installed
    Enable-ExchangeCertificate — Enable or disable the certificate for specific services, see below
    -Services — This parameter specifies for which services the certificate should be used. You can use these parameter values (services): IMAP, POP, UM, IIS, SMTP, None,

You will see a list of certificates, including their (hash), the services they use and the Subject name.

For check a specific domain, use: Get-ExchangeCertificate -DomainName yourdomainname

If a particular certificate is not properly enabled, you can enable it by: Enable-ExchangeCertificate -Thumbprint [include thumbprint here] -Services "SMTP, IMAP, POP, IIS"

At the end of the installation, restart the server.

You can verify that the SSL certificate is installed by using the CA tool. For more information, see Checking SSL Certificate Installation in the Help article on installing certificates .

In case you need anything, please contact our customer support, who will help you with any problem.