Ask a Question

Advanced Search

Solution ID : SO10425

Last Modified : 05/02/2018

How to install an SSL certificate in Microsoft Exchange 2007


To install a GeoTrust SSL certificate in Microsoft Exchange 2007 server, perform the following steps:

Step 1: Obtain the GeoTrust Intermediate CA Certificate

b) Copy and paste the Intermediate CA into a Notepad and save as "intermediate.txt".

Step 2: Create a Certificates Snap-in in the Microsoft Management Console (MMC):

  1. From the Web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use

Step 3: Install the GeoTrust Intermediate CA Certificate

  1. Using the same Console, double-click on Intermediate Certification Authorities from the left pane
  2. Right-click on Certificates from the right pane and select All Tasks > Import to open the Certificate Import Wizard
  3. Click Next
  4. Specify the location of the GeoTrust intermediate file obtained from Step 1 by clicking Browse
  5. Click Next
  6. By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
  7. Click Finish
  8. A message will appear confirming the successful import of the certificate. Click OK

 Step 4: Install the SSL certificate

GeoTrust will send the SSL certificate via email.

Copy the contents of the SSL certificate and paste it into a Notepad. 

The text file should look like:
[encoded data]

Note: Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added. Save the file with the extension of .cer.

Or, download the certificate as per the instructions in the following solutions:

To install the SSL certificate into Microsoft Exchange 2007, use the Exchange Management Shell.

  1. Copy the SSL certificate to C:\ on the Exchange server.
  2. Open the Exchange Management Shell.
  3. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  4. Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together (both commands are run on the same line, separated by a pipe character).
    Import-ExchangeCertificate -Path C:\newcert.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

    Note: The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP. To disable a certificate, set the Services parameter to 'None.'

    For more information regarding the Exchange commands, please refer to this Microsoft Knowledge base article.
  5. Verify that your certificate is enabled by running the Get-ExchangeCertificate command.

    C:\> Get-ExchangeCertificate -DomainName

    In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).

    Note: If the certificate is not properly enabled, re-run the Enable-ExchangeCertificate command by pasting the thumbprint of the certificate as the -ThumbPrint argument.

    For example:

    Enable-ExchangeCertificate -ThumbPrint "d71b23289720a4b0267342203db6e9e92cddbc21" -Services "SMTP, IMAP, POP, IIS"
  6. Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.

    Note: If using ISA 2004 or ISA 2006, a reboot is recommended. It has been reported that ISA services won't send the intermediate certificate until after a reboot.

    For more information regarding the Exchange Management Shell, please refer to this Microsoft Knowledge base article: