PFX Backup Tutorial for Microsoft Exchange 2007 Servers
Want an easier way to export? Our management & troubleshooting tool works on all Windows-based servers.
Windows servers use .pfx files to contain the public key files (your SSL Certificate files, provided by DigiCert) and the associated private key file (generated by your server as part of the CSR).
Since both the public and private keys are needed for an SSL Certificate to function, you need a .pfx backup to transfer SSL server security certificates from one server to another.
This page explains how to back up your certificate on a working server, import the certificate to another server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files that you received from DigiCert on the server that generated your CSR, please see our Exchange 2007 installation instructions page.
Exporting/Backing Up to a .pfx File
Click File > Add/Remove Snap-in.
Click Certificates > Add, and then close the Add Standalone Snap-in window. Click OK.
Importing from a .pfx File
Enabling a New Certificate on a Server
Run the following Get-ExchangeCertificate command to get your certificate thumbprint. Replace the text in red to match your domain.
[PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name
Thumbprint Services Subject
---------- -------- -------
136849A2963709E2753214BED76C7D6DB1E4A270 ..... CN=your.domain.name
Run the following Enable-ExchangeCertificate command to enable your certificate for use with Exchange. Replace the text in red to match your thumbprint.
Enable-ExchangeCertificate -ThumbPrint [paste_your_thumbprint] -Services "SMTP, IMAP, POP, IIS"
You can now re-run the Get-ExchangeCertificate command to verify that the certificate was successfully installed.
In the Services column, the letters SIP and W stand for SMTP, IMAP, POP3, and Web (IIS).
Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.
If you are using ISA 2004 or ISA 2006, you need to reboot your servers.