Importing and Configuring the Copy of Your SSL Certificate on Your Exchange 2007 Server

Exchange 2013 SSL

Before you can import the copy of your SSL Certificate to your Exchange 2007 server, you must first export it from the server on which it is installed. See DigiCert Certificate Utility SSL Certificate Export Instructions.

To import and configure the copy of your SSL Certificate, do the following:

After you export your SSL Certificate and Private Key file as a .pfx file, you can copy (import) that file to your Exchange 2007 server and then, enable the services for the certificate.

  1. Import the .pfx file to your Exchange 2007 server using the DigiCert Certificate.

    How to Import the .pfx File to Your Exchange 2007 Server with the DigiCert Certificate Utility

  2. Enable services for your SSL Certificate using the Exchange Management Shell.

    How to Enable Services for Your SSL Certificate with Exchange Management Shell

 

1. How to Import the .pfx File to Your Exchange 2007 Server with the DigiCert Certificate Utility

  1. On the Exchange 2007 server to which you want to import your certificate, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In DigiCert Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.

    DigiCert Utility Import Me

  4. In the Certificate Import wizard, click Browse to browse to the .pfx certificate file (i.e. your_domain_com.pfx), select the file, and click Open, and then, click Next.

    DigiCert Utility Import Me

  5. In the Password box, enter the password for the .pfx file and then click Next.

    DigiCert Utility Import Me

  6. In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.

    Note:    The friendly name is not part of the certificate; instead, it is used to identify the certificate.

    We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    Give SSL Cert a Friendly Name

  7. To import the SSL Certificate (.pfx file) to your Exchange 2007 server, click Finish.

    You should receive a message that the certificate was successfully imported. You should now see your SSL Certificate in the DigiCert Certificate Utility for Windows©, under SSL Certificates.

  8. You must now enable services for your SSL Certificate using the Exchange Management Shell.

 

2. How to Enable Services for Your SSL Certificate with Exchange Management Shell

    Get Your Certificate’s Thumbprint

  1. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  2. In DigiCert Certificate Utility for Windows©, click SSL (gold lock), right-click on your newly imported certificate, and then, click Copy thumbprint to clipboard.

    DigiCert Utility Thumbprint feature

    You can also get your thumbprint by running the following command in Exchange Management Shell:

    [PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name

  3. Enable Your Certificate for Use with Exchange

  4. Open Exchange Management Shell (Microsoft Exchange Server 2007 > Exchange Management Shell).

  5. To enable your SSL Certificate for use with Exchange, run the following Enable-Exchange Certificate command:

       Enable-ExchangeCertificate -ThumbPrint insert_thumbprint -Services "SMTP, IMAP, POP, IIS"

    Note:    Omit any of the services that you don’t use (i.e. SMTP, IMAP, POP, or IIS )

  6. Your SSL Certificate is now copied to and installed on your Exchange 2007 mail domain with the services that you selected.

Test Your Installation

To verify that the installation is correct, use our DigiCert® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com, or mail.yourdomain.com) that you are securing to test your SSL Certificate.

Troubleshooting

If you run into certificate errors, try repairing your certificate trust errors using DigiCert® Certificate Utility for Windows. If this does not fix the errors contact support.