Transferring Certificates from Exchange 2003/2007 to Exchange 2010

Transferring Certificates from Exchange 2003/2007
to Exchange 2010

Problem

As a rule most of my clients use self signed certificates, (even though you can buy certs cheap as chips these days). If you have paid for a certificate I can see why you would want to transfer it to the new Exchange box, though if your using self signed certificates, it’s a simpler task to create a new one. But I was asked, and what you guys ask for, I will work out how to do 🙂

Solution

Export Certificate from Exchange 2007

1. To see what certificates are being used for what. Launch “Exchange Management Shell” > Issue the following command,

Get-ExchangeCertificate

2. Take a note of the certificates thumbprint (copy it to notepad).

Note: The Letters mean
I – IMAP
P – POP
U – Unified Messaging
W – WEB (IIS)
S – SMTP

3. To export the certificate, (Note: Put in your certificate thumbprint).

Export-ExchangeCertificate
-Thumbprint 1D5B46DBA10E2669327498BFB9F56146A47256CC
-BinaryEncoded:$true -Path c:\exported.pfx
-Password:(Get-Credential).password4. Enter your domain credentials.

5. Your exported certificate is now on the root of C: and called exported.pfx

 

Export Certificate from Exchange 2003

1. Click Start > mmc {enter} > File > Add/Remove Snap-in.

2. Add > Certificates > Add > Select “Computer account” > Next.

3. Accept the default of “Local computer” > Finish > Close > OK.

4. Expand Certificates > Personal > Certificates > locate the cert you are using for OWA etc.

5. Check the expiration date if you are unsure.

6. In the certificates console right click your certificate > All Tasks > Export.

7. At the welcome page > Next > “Select Yes Export the Private Key” > Next > Next > Leave password blank > Next > Chose where to save it > Save.

8. Next > Finish > It should say that it was successful.

 

 

Import your Certificate into Exchange 2010

1. Copy your exported.pfx file to the root of the Exchange servers C: Drive.

2. Launch Exchange Management Shell > Issue the following command,

Import-ExchangeCertificate
-FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte
-ReadCount 0)) -Password:(Get-Credential).passwordOr in you exported the certificate form Exchange 2003

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte -ReadCount 0))

Exchange 2003 Certificate Import (without a password prompt).

Exchange 2007 and 2010 Certificate Import

4. Then to enable the certificate use the following command > and Press “A” to confirm.

Get-ExchangeCertificate -DomainName mail.domainc.com | Enable-ExchangeCertificate -Services IIS,SMTP

5. Now your OWA, Active-Sync etc, will be using the imported certificate.

 

References – Credits – Or External Links
Technet

MikePfeiffer.net

Thanks to Rick Faria for pointing out this info was missing from the site 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s