Renewing Exchange 2007 SSL Certificates
SSL Renewal Made Easy using the DigiCert Utility
If you'd like to renew your Exchange 2007 SSL Certificate with minimal use of the Exchange Management Shell, please see our Exchange 2007 SSL renewal using the DigiCert Utility page.
Renew an SSL Certificate in the Exchange Management Shell
Open the Exchange Management Shell on your Exchange 2007 server by clicking the Start menu, clicking Programs, then clicking Microsoft Exchange 2007, and selecting Exchange Management Shell.
Fill out the information in the DigiCert Exchange 2007 CSR Command Generator Tool, click Generate, then copy the generated command and paste it into the Exchange Management Shell.
Your CSR file will be named 'c:\yourdomain_com.csr'.
Open your CSR file in a text editor (e.g. Notepad or Wordpad) and copy the entire contents of the CSR file so you can paste it into the DigiCert Certificate order form.
Log in to your DigiCert account, and in the 'My Orders' tab you will see a list of the certificates ordered from your account. Click the 'Renew' link (to the right of the expiration date) for your expiring certificate.
Install your Certificate in the Exchange Management Shell
Download the .ZIP file containing your certificate onto the Exchange server and extract the certificate file (e.g. mail_yourdomain_com.cer) to the root of the C drive (C:\).
Open the Exchange Management Shell and run the command below to both import the certificate and to configure your Exchange 2007 server to use this certificate:
Note: Both commands should be run on a single line in the shell, separated by a pipe '|' (Shift+'\') character. The filename, domain name or thumbprint in each command should be edited to match your own.
Import-ExchangeCertificate -Path C:\mail_yourdomain_com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Verify that your certificate is enabled by running the Get-ExchangeCertificate command and checking that all of the services you chose are listed under the Services section.
[PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name

Thumbprint                                Services  Subject
----------                                --------  -------
136849A2963709E2753214BED76C7D6DB1E4A270  SIP.W     CN=your.domain.name
Run the following command to both import your certificate to the server and enable it for Exchange services (this should be run as a command on a single line):
Import-ExchangeCertificate -Path C:\your_domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Test your Certificate Installation
Verify that your certificate is enabled for all of the services you selected by running the Get-ExchangeCertificate command. You should see that it lists the services you enabled: S - SMTP, I - IMAP, P - POP, W - Web (IIS).
[PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name
In the Services section the letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS, i.e. Outlook Web Access).
If your certificate doesn't list all of the correct services, you can re-run the Enable-ExchangeCertificate command like this:
Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"
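The checks in this section combined into one script, as an added example that is not DigiCert's own code. It assumes the renewed certificate is the one with the latest expiration date for the domain; $DomainName and $Required are placeholder values to edit.

```powershell
# Added example: post-renewal check, run in the Exchange Management Shell.
# Assumed values (placeholders): edit to match your certificate.
$DomainName = 'your.domain.name'
$Required   = 'SMTP', 'IMAP', 'POP', 'IIS'   # services passed to Enable-ExchangeCertificate

# All certificates that cover the domain, latest expiration first.
$certs = @(Get-ExchangeCertificate -DomainName $DomainName |
           Sort-Object NotAfter -Descending)

if ($certs.Count -eq 0) {
    Write-Warning "No certificate found for $DomainName"
}
else {
    $new = $certs[0]   # assumption: latest NotAfter is the renewed certificate
    "Thumbprint : " + $new.Thumbprint
    "Expires    : " + $new.NotAfter

    # A certificate imported without its private key cannot be used for TLS.
    if (-not $new.HasPrivateKey) {
        Write-Warning "Certificate has no private key on this server"
    }

    # Services prints as a comma-separated list of service names.
    $enabled = $new.Services.ToString().Split(',') | ForEach-Object { $_.Trim() }
    $missing = @($Required | Where-Object { $enabled -notcontains $_ })
    if ($missing.Count -gt 0) {
        $all = [string]::Join(', ', $Required)
        Write-Warning ("Not enabled for: " + [string]::Join(', ', $missing))
        "Re-run: Enable-ExchangeCertificate -ThumbPrint $($new.Thumbprint) -Services `"$all`""
    }
    else {
        "All required services are enabled."
    }

    # Report older certificates for the same name that still have services assigned.
    $certs | Where-Object {
        $_.Thumbprint -ne $new.Thumbprint -and $_.Services.ToString() -ne 'None'
    } | ForEach-Object {
        "Older certificate still in use: " + $_.Thumbprint +
            " (expires " + $_.NotAfter + ", services " + $_.Services + ")"
    }
}
```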
You can also check your certificate by visiting the DigiCert Certificate Installation Checking Tool. Enter your domain name (e.g. mail.domain.com), and verify that the tool shows the new certificate's expiration date and all green checkmarks.
Quickly test your SSL installation by entering your certificate's Common Name or SAN (e.g. www.yourdomain.com, or mail.domain.com) into the SSL Installation Checker to diagnose common problems.
If you have any SSL certificate errors, try using the SSL Management Util for Windows.
For instructions on other certificate management tasks, check out the Common SSL Certificate Tasks page.
Please contact our friendly support staff if you have any additional questions or problems.