This document provides instructions for installing a SSL certificate on Microsoft Exchange 2007. If you are unable to use these instructions for your server, DigiCert recommends that you contact Microsoft.
|This solution contains two Methods to install your SSL Certificate:
Method 1: Installing the certificate received via e-mail.
Method 2 (recommended): Installing the certificate downloaded from the Trust Center account.
Method 1: Download and Install SSL certificate sent via e-mail
Step 1: Obtain the SSL certificate sent via email:
Your certificate will be sent via email.
The certificate is imbedded in the body of the email.
Copy the SSL certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header and footer
Ensure there are no white spaces, extra line breaks or additional characters.
a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt
NOTE: If you selected Microsoft IIS 5.0 or above during enrollment, continue with the installation from here.
If you are not sure which server software was selected during the enrolment, proceed with Step 2
Step 2: Download and Install the Intermediate CAs:
To download and install the Intermediate CAs follow the steps from this link: SO13415
Step 3: Install the SSL certificate:
To proceed with the installation steps for your SSL certificate click here
Method 2: Download and Install SSL certificate in PKCS#7 format
Step 1: Download the SSL certificate from the Trust Center account:
Download the certificate from the Trust Center by following the steps from this link: SO8061
Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b
Step 2: Install SSL Certificate.
To install a SSL certificate onto Microsoft Exchange 2007, you will need to use the Exchange Management Shell.
- Copy the SSL certificate file, for example newcert.p7b and save it to C:\ on your Exchange server.
- Open the Exchange Management Shell. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
- Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together (both commands are run on the same line, separated by a pipe character).
Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
NOTE: The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP. To disable a certificate, set the Services parameter to 'None'.
For more information regarding the Exchange commands, please refer to this Microsoft Knowledge base article.
- Verify that your certificate is enabled by running the Get-ExchangeCertificate command.
C:\> Get-ExchangeCertificate -DomainName your.domain.name
5. In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).
NOTE: If your certificate isn't properly enabled, you can re-run the Enable-ExchangeCertificate command by pasting the thumbprint
of your certificate as the -ThumbPrint argument such as:
Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"
6. Test your certificate by connecting to your server with Internet Explorer, ActiveSync, or Outlook.
You may also use the DigiCert SSL Tools.
NOTE: If using ISA 2004 or ISA 2006, you need to reboot your servers. It has been reported that ISA services won't send the
intermediate certificate until after a reboot.
For more information regarding the Exchange Management Shell, refer to the following Microsoft