Exchange Server 2007: Install a certificate
After your SSL request is vetted and your certificate is issued, download and install all the provided files. You must install all of the files on your Microsoft® Exchange Server 2007 to complete installation. For more information see Download my SSL certificate files.
Before you begin, make sure you are logged in to your server as Administrator.
To run multiple services securely, such as SMTP, POP, IMAP, UM, and IIS, you must use a Multiple Domain (UCC) Certificate.
There are two processes involved in installing your certificate:
- Installing our intermediate certificate on your server
- Installing your signed SSL certificate on your server
To Install Our Intermediate Certificate
- From the Start menu, click Run...
- Type mmc and click OK. The Microsoft Management Console (Console) window opens.
- From the File menu, click Add/Remove Snap In.
- Select Certificates, and then click Add.
- Select Computer Account, and then click Next.
- Select Local Computer, and then click Finish.
- Click OK to close Add or Remove Snap-ins.
- In the Console window, expand the Certificates folder.
- Right-click Intermediate Certification Authorities, mouse-over All Tasks, and then click Import.
- In the Certificate Import Wizard, click Next.
- Click Browse to find the certificate file.
- In the bottom right corner, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b).
- Select your certificate file, and then click Open.
- Click Next.
- Select Place all certificates in the following store.
- Click Browse, select Intermediate Certification Authorities, and then click Next.
- Click Finish.
To Install Your Signed SSL Certificate
- From the Start menu, select Microsoft Exchange Server 2007, and then click Exchange Management Shell.
- At the prompt, type the following to import the certificate:
Import-ExchangeCertificate -Path C:\CertificateFile.crt
Replace CertificateFile.crt with the complete path and file name of your certificate.
If the output of this command doesn't copy the thumbprint of the certificate, then you must copy it manually for use in the next step.
- Type the following to enable the certificate:
Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"
Paste the thumbprint in place of paste_thumbprint_here. Specify the services this certificate covers, using quotes. Valid service identifiers are SMTP, POP, IMAP, UM, and IIS. Do not enable services that are not in use.
- Close the Exchange Management Shell window.
Your SSL Certificate is installed. If you have problems, please see Test your SSL's configuration to help diagnose issues.
For more information, see the Microsoft Technet article Importing and Enabling Certificates.