Install a certificate on Microsoft Exchange 2010 / 2013
1- Preparation
To install the certificate in Exchange 2010 / 2013:
- In the Exchange Management Console, at the Server Organization root, choose Import Exchange Certificate.
- If you use the EMS (Exchange Management Shell), run the cmdlet
Import-ExchangeCertificate
In both cases (GUI and shell), you need to import the file that installs the certificate and the entire certification chain, not only the final certificate. You'll find this file in the delivery email under the name "installation overall file". It is also available on your status page: click the button "See the certificate" and, under the PKCS #7 Certificates (*.spc;*.p7b) format, select the *_iis_intermediates.p7b file.
2- Importing the Certificate through the shell
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password
Common issue: revocation check failed
The certificate status could not be determined because the revocation check failed
This issue occurs because Exchange checks the CRL while importing the certificate. If its tool (which uses WinHTTP) can't reach the web, the operation fails.
Troubleshooting:
- Make sure the firewall authorizes connections on port 80 (HTTP) to the authority server. For example, for netsaints, run the command:
telnet ocsp.netsaints.com 80
- Deactivate the proxy:
netsh winhttp reset proxy
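The reachability check above can be run against every revocation endpoint named in the delivered chain, not just one host. This is an added example, not part of the original article; the file path is a placeholder, and Get-RevocationUrl and Test-TcpPort are helper names made up for this sketch.

```powershell
# Added example (not from the original article). $CertPath is a placeholder;
# Get-RevocationUrl and Test-TcpPort are helper names chosen for this sketch.
param([string]$CertPath = 'C:\certificates\your_iis_intermediates.p7b')

function Get-RevocationUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.31 = CRL Distribution Points; 1.3.6.1.5.5.7.1.1 = Authority Information Access (OCSP)
    $oids = '2.5.29.31', '1.3.6.1.5.5.7.1.1'
    foreach ($ext in $Certificate.Extensions) {
        if ($oids -contains $ext.Oid.Value) {
            # On Windows, Format() renders these extensions as text with "URL=..." entries
            [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
                ForEach-Object { $_.Groups[1].Value }
        }
    }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Collection.Import reads a single .cer as well as a PKCS #7 (.p7b) chain
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$chain.Import($CertPath)

$urls = $chain | ForEach-Object { Get-RevocationUrl $_ } | Sort-Object -Unique
foreach ($url in $urls) {
    $uri = [Uri]$url
    if ($uri.Scheme -ne 'http' -and $uri.Scheme -ne 'https') { continue }  # skip ldap:// entries
    New-Object PSObject -Property @{
        Url = $url; Host = $uri.Host; Port = $uri.Port
        Reachable = (Test-TcpPort $uri.Host $uri.Port)
    }
}

# Show the proxy WinHTTP will use; "Direct access (no proxy server)" means none is set
netsh winhttp show proxy
```

A direct TCP connection that succeeds while the import still fails points at the WinHTTP proxy setting rather than the firewall.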
Common issue: The Certificate is Invalid for Exchange Server Usage
You have probably installed the certificate without its certification chain (.cer) via the GUI. We advise using PowerShell to install our .p7b file.
In that situation, the best way to solve the issue is to request a certificate reissuance and to follow the instructions above using PowerShell.
On your certificate status page, click on the button “Check your certificate” to make sure your certificate has been correctly installed.
Creating a PFX from Exchange 2010 / 2013
Generating a PFX from a certificate in Exchange 2010 / 2013: http://exchangeserverpro.com/export-an-exchange-server-2010-certificate-to-exchange-2003
For more info:
- http://technet.microsoft.com/en-us/library/dd351183(EXCHG.140).aspx
- http://technet.microsoft.com/en-us/library/bb310769(EXCHG.140).aspx
- http://support.microsoft.com/kb/979694/en
- http://support.microsoft.com/default.aspx?scid=kb;en-us;979694
DigiCert:
http://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm
Note: Before performing this task on a production server, it is recommended to test it on your lab machines. Use at your own risk; no warranty or rights are provided.
Praveen Kumar
MCTS | Exchange Server
Publisher of Techrid.com