HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


How to export/import certificates on Exchange 2013 Shell

The same certificate can be used on different Exchange servers by using the export/import process. After installing the certificate on the server from which the certificate request was initially generated, use the Shell command lines to export the installed certificate from one server and import it to another one.

Export

You may export the certificate from the Exchange server using the certificate’s domain name or its thumbprint.

1) Using Domain name:

Get-ExchangeCertificate -DomainName “domain_name.com” | Export-ExchangeCertificate
-BinaryEncoded:$true -Password (Get-Credential).password

After clicking Enter, you will be prompted to enter your username and password. You can type anything for the username as this field does not matter here. However, you should remember the password since you will need it to import or convert the certificate into other formats. If this password is lost or forgotten, it cannot be recovered. In this case, you would need to export the certificate again to a new file with new credentials.

2) Using Thumbprint:

Export-ExchangeCertificate -ThumbPrint -BinaryEncoded:$true -Password (Get-Credential).password

The certificate thumbprint can be obtained in several different ways. For example, if you have installed the certificate on any server you can access from your Shell, you have already used the thumbprint during the certificate installation process.

Otherwise, you can open the file with the certificate text by cutting and pasting the text in this decoder and looking for the “SHA1 Fingerprint” field. If you use your certificate’s .crt file which has the -----BEGIN CERTIFICATE----- header, the output will show the “SHA1 Fingerprint”. If you decode the .p7b or .cer file, the tool will show a message that the certificate is in PKCS#7 format and display the PEM text of the certificate with Begin and End headers on the page. You will need to decode the PEM text once again to see the thumbprint/SHA1 fingerprint, which are the same.

Once you have entered the password which encrypts the certificate, you need to specify the path to the file where the exported certificate should be saved:

Set-Content -Path “c:\file_name.pfx” -Value $file.FileData -Encoding Byte

Import

Before importing, the certificate .pfx file should be saved on your computer. You can also import the certificate if it was created on another machine as long as you have saved it in the .pfx format and have the correct password.

Use the following command:

Import-ExchangeCertificate -FileData ([byte[]](Get-Content -Path path/to/certificate.pfx -Encoding Byte -ReadCount 0)) -Password (Get-Credential).password -Server
The “-Server ” section helps import the certificate to a particular server if you have several of them on one machine. In our example, this part is omitted since only one server was enabled initially.

The system asks for the username and password. You can enter any value in the username field as it is not relevant here. However, the password should match the one used for creating the .pfx file (during the certificate export or conversion).

If the password matches, the certificate will be imported onto the server. The Shell displays its thumbprint and details.

To assign the certificate to the Exchange services, use this guide.

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional