How to Import and Export your SSL Certificate in Exchange 2007
PFX Backup Tutorial for Microsoft Exchange 2007 Servers
The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files, provided by DigiCert) and the associated private key (generated by your server at the time the CSR was generated).
Since both the public and private keys are needed for an SSL certificate to function, a PFX backup is always needed to transfer an SSL server security certificate from one server to another.
This tutorial explains how to back up your certificate from a working server, import the certificate to a second server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files you received from DigiCert to the server that generated your CSR, please see our Exchange 2007 installation instructions.
Exporting/Backing up your certificate/Private Key (to .pfx file format)
- Start > Run
- Type in MMC and click OK
- Go into the File Tab (or Console) > select Add/Remove Snap-in
- Click on Add > Click on Certificates and click on Add, then close (to close the Add Standalone Snap-in window)
- Click on OK (in the Add/Remove Snap-in window)
- Select Computer Account
- Select Local Computer
- Click the + to Expand the Certificates Console Tree
- Look for the Personal directory/folder and expand Certificates.
- Right-click the certificate you would like to back up and choose > ALL TASKS > Export
- Follow the Certificate Export Wizard to back up your certificate to a .pfx file
- Choose 'Yes, export the private key'
- Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
- Leave default settings > Enter Password (if required)
- Choose a location to save the file
- Finish
- You will receive a message > Export Successful
- The .pfx file backup is now saved in the location you selected.
Importing your Certificate/Private Key (from .pfx file format)
- Start > Run
- Type in MMC and click OK
- Go into the File Tab (or Console) > select Add/Remove Snap-in
- Click on Add > Click on Certificates and click on Add, then close (to close the Add Standalone Snap-in window)
- Click on OK (in the Add/Remove Snap-in window)
- Select Computer Account
- Select Local Computer
- Click the + to Expand the Certificates Console Tree
- Right click on the Personal Certificates Store (folder)
- Choose > ALL TASKS > Import
- Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
- Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
Configuring Your Site - Microsoft Exchange 2007
- Obtain your certificate thumbprint by running the Get-ExchangeCertificate command.
    [PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name

    Thumbprint                                Services  Subject
    ----------                                --------  -------
    136849A2963709E2753214BED76C7D6DB1E4A270  .....     CN=your.domain.name
- Enable your certificate for use with Exchange by running the Enable-ExchangeCertificate command.
    Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"
- You can now re-run the Get-ExchangeCertificate command to verify that the certificate was successfully installed.
In the Services column, the letters S, I, P and W stand for SMTP, IMAP, POP3 and Web (IIS).
Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.
If using ISA 2004 or ISA 2006, you need to reboot your servers. Some customers have reported that ISA services won't send the intermediate certificate until after a reboot.
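A post-import check for the steps above, as an added example that is not part of the original tutorial: it confirms that the certificate is in the Local Computer Personal store with its private key, is within its validity dates, and chains to a trusted root. The function name Test-ImportedCertificate and the thumbprint placeholder are assumptions; run it in the Exchange Management Shell on the server that received the .pfx.

```powershell
# Added example (not from the original tutorial). Test-ImportedCertificate is a
# hypothetical helper name; it avoids syntax newer than PowerShell 1.0.
function Test-ImportedCertificate {
    param([string]$Thumbprint)

    # Thumbprints copied from the MMC details pane often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { throw "Expected 40 hex characters, got $($clean.Length)." }

    $cert = Get-Item "cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "Certificate $clean is not in the Local Computer Personal store." }

    # Build the chain. Revocation lookups are skipped (assumption: the server may have no
    # outbound access), so this checks issuer linkage and root trust only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $issues  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $report = $cert | Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
    $report | Add-Member NoteProperty ChainValid  $chainOk
    $report | Add-Member NoteProperty ChainLength $chain.ChainElements.Count
    $report | Add-Member NoteProperty ChainIssues ($issues -join ', ')
    # Services enabled by Enable-ExchangeCertificate, as Exchange reports them.
    $report | Add-Member NoteProperty Services (Get-ExchangeCertificate -Thumbprint $clean).Services

    if (-not $cert.HasPrivateKey) {
        Write-Warning "No private key in the store; the .pfx was likely exported without 'Yes, export the private key'."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    if (-not $chainOk) {
        Write-Warning "Chain did not validate: $($issues -join ', ')"
    }
    $report
}

# Usage: replace the placeholder with the thumbprint shown by Get-ExchangeCertificate.
# Test-ImportedCertificate -Thumbprint '<PASTE-THUMBPRINT>' | Format-List
```

A ChainLength of 1 on a CA-issued certificate means no issuer was found, which usually indicates the intermediate certificate was not included in the export.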
