How to install an SSL certificate on Exchange 2013 Shell

  SSL Installation instructions

After the validation is completed, the certificate will be issued. It will be sent to your email address. Also, you can download it in your account.

Then it is necessary to install the certificate on your server.

The file extension of the certificate file for Exchange should be .cer or .p7b (they are of the same format).

To install the certificate, open Exchange Shell and type the following command:

Import-ExchangeCertificate –FileData ([byte []]$(Get-Content –Path “path_to_certificate.cer” –Encoding Byte –ReadCount 0))

If everything is entered correctly, the system will display the Thumbprint of the certificate and its details (common name, organizational unit, etc.).

Then, it is necessary to assign the certificate to the Exchange services.

Please run the following command:

Get-ExchangeCertificate –ThumbPrint | Enable-ExchangeCertificate –Services IIS,SMTP,IMAP,POP

The thumbprint used here is the sequence of digits displayed by the system in the previous step. You can also find the thumbprint by decoding your certificate, which can be done in one of two ways:

  1. Use the .crt file from the zip folder you have downloaded from your account. Go to this decoder, paste the content of the .crt file in and look for the “SHA1 Fingerprint” field. Note: You would need to delete the colons (:) from the fingerprint before using it in your Shell.
  2. Use the .p7b file from the zip folder. The decoder will show a message that the certificate is in the PKCS#7 format and display the PEM certificate on the page. You will need to copy and decode the PEM certificate with the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– headers and use the digits from the SHA1 Fingerprint field.

It is possible that there will be a request to overwrite the certificate. You need to confirm it since it will overwrite the self-signed certificate on the server or the old valid certificate that you are renewing or reissuing.

The certificate is installed. You can check it via https://yourdomainname.com or here.