SSL Certificate Installation in Exchange 2007

In the Instructions below modify red text to match your configuration (filename, domain, or certificate thumbprint).

  1. Download and open the ZIP file containing your certificate. Your certificate file will be named your_domain_name.cer.
  2. Copy your_domain_name.cer to C:\ on your Exchange server.
  3. Open the Exchange Management Shell.
    • Click Start, click Programs, and then click Microsoft Exchange Server 2007. Then click Exchange Management Shell.
  4. Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together (both commands are run on the same line, separated by a pipe character)
    • Import-ExchangeCertificate -Path C:\your_domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
    • The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP. To disable a certificate, set the Services parameter to 'None'. For further reading about the Exchange commands, visit Microsoft's Exchange Server TechCenter.
  5. Verify that your certificate is enabled by running the Get-ExchangeCertificate command.
    - In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS). If your certificate isn't properly enabled, you can re-run the Enable-ExchangeCertificate command by pasting the thumbprint of your certificate as the -ThumbPrint argument like this:
    Enable-ExchangeCertificate -ThumbPrint [paste_your_thumbprint] -Services "SMTP, IMAP, POP, IIS"
C:\>  Get-ExchangeCertificate -DomainName

Thumbprint                                Services   Subject
----------                                --------   -------
136849A2963709E2753214BED76C7D6DB1E4A270  SIP.W

Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.

If using ISA 2004 or ISA 2006, you need to reboot your servers. Some customers have reported that ISA services won't send the intermediate certificate until after a reboot.