SSL Certificate Installation in Exchange 2007

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Exchange 2007 CSR Creation Instructions.

How to install your SSL certificate in Exchange 2007

New: Exchange 2007 installation video walkthrough

    In the Instructions below modify red text to match your configuration (filename, domain, or certificate thumbprint).

  1. Download and open the ZIP file containing your certificate. Your certificate file will be named your_domain_name.cer.

  2. Copy your_domain_name.cer to C:\ on your Exchange server.

  3. Open the Exchange Management Shell.

    Click Start, click Programs, and then click Microsoft Exchange Server 2007. Then click Exchange Management Shell.

  4. Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together (both commands are run on the same line, separated by a pipe character)

    Import-ExchangeCertificate -Path C:\your_domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

    The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP. To disable a certificate, set the Services parameter to 'None'.

    For further reading about the Exchange commands, visit Microsoft's Exchange Server TechCenter.

  5. Verify that your certificate is enabled by running the Get-ExchangeCertificate command.

    [PS] C:\> Get-ExchangeCertificate -DomainName
    Thumbprint                                Services   Subject
    ----------                                --------   -------
    136849A2963709E2753214BED76C7D6DB1E4A270  SIP.W

    In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).

    If your certificate isn't properly enabled, you can re-run the Enable-ExchangeCertificate command by pasting the thumbprint of your certificate as the -ThumbPrint argument like this:

    Enable-ExchangeCertificate -ThumbPrint [paste_your_thumbprint] -Services "SMTP, IMAP, POP, IIS"
  6. Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.

    If using ISA 2004 or ISA 2006, you need to reboot your servers. Some customers have reported that ISA services won't send the intermediate certificate until after a reboot.

Exporting to your ISA Server (VERY IMPORTANT)

When exporting your certificate, make sure to include all certificates in the certification chain, when prompted. Otherwise, your certificate will not work properly.

If you are currently using an ISA (Internet Security and Acceleration) server in front of your Exchange 2007 server, or need to export your SSL certificate to any other Microsoft server type, see our Exchange 2007 export instructions for a step-by-step walkthrough.

If you attempt to import the certificate and get an error that the private key is missing, see our help file.

For installion or troubleshooting assistance, check out our new Windows SSL certificate manager.

SSL Certificates: Multi-Domain Certificates for Microsoft Exchange 2007

Learn more about Multi-Domain (SAN) Certificates.
Cómo Instalar Exchange 2007 Certificado SSL en su servidor de correo.