Home » Exchange Server 2010 » Client Connectivity » SSL Certificate Installation and troubleshooting Exchange 2010 / 2013

SSL Certificate Installation and troubleshooting Exchange 2010 / 2013

Install a certificate on Microsoft Exchange 2010 / 2013

1- Preparation

To install the certificate in Exchange 2010 / 2013:

  • In the Exchange Management Console, at the Server Organization root, choose Import Exchange Certificate.)
  • If you used the EMS (Exchange Management Shell), launch the cmdlet


In both cases GUI & Shell you need to import the file to install the certificate and the entire certification chain, not only the final certificate. You’ll find this file in the delivery email under the name “installation overall file”. It is also available on your status page by clicking on the button “See the certificate” in PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, format.

2- Importing the Certificate through the shell

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password


Common issue: revocation check failed

The certificate status could not be determined because the revocation check failed

This issue is caused by Exchange that wants to check the CRL during the certificate importation. If its tool (using WinHTTP) can’t access the web, the operation fails.



Make sure the firewall authorizes connections on port 80 (HTTP) to the authority server.

For example, for netsaints, run the command:

telnet 80

– deactivate the proxy

netsh winhttp reset proxy

or set-up the WinHTTP proxy


Common issue: The Certificate is Invalid for Exchange Server Usage

You probably have install the certificate without its certification chain (.cer) via the GUI interface. We advise to use the powershell to install our .p7b file.

In that situation, the better way to solve the issue is to request a certificate reissuance and to follow the above instructions with the powershell.

On your certificate status page, click on the button “Check your certificate” to make sure your certificate has been correctly installed.

Creating a PFX from Exchange 2010 / 2013

Generating a PFX from a certificate in Exchange 2010 / 2013:

For more info:


Digi Certificate :

Note : Before performing the task on Production server, it is recommended to perform or test in your Lab machines. Use at your own risk and contains No Warranty or Rights

Praveen Kumar

MCTS | Exchange Server

Publisher of

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: