Zero Hour Sleep
24Nov/092

Managing certificates in Exchange 2010

If you are familiar with Exchange 2010 and are trying to install Exchange 2010 for the first time, you will already have noticed that the PowerShell cmdlets used to request and install certificates in Exchange 2007 no longer work in Exchange 2010.

For instance running

New-ExchangeCertificate -GenerateRequest -domainname mail.contoso.msft,autodiscover.contoso.msft,myserver,myserver.internal.contoso.msft -FriendlyName mail.contoso.msft -privatekeyexportable:$true -path c:\cert_myserver.txt

will fail with the following error

A positional parameter cannot be found that accepts argument '-Path'.
+ CategoryInfo : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate

and running

Import-ExchangeCertificate -path "c:\CertNew.cer"

will also fail with the same error

A positional parameter cannot be found that accepts argument '-path'.
+ CategoryInfo : InvalidArgument: (:) [Import-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Import-ExchangeCertificate

So here are the commands you should use for Exchange 2010

To request a certificate

$Data = New-ExchangeCertificate -GenerateRequest -domainname mail.contoso.msft,autodiscover.contoso.msft,myserver,myserver.internal.contoso.msft -FriendlyName mail.contoso.msft -privatekeyexportable:$true
 
Set-Content -path "C:\MyCertRequest.req" -Value $Data

To import a .cer certificate

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\CertNew.cer -Encoding byte -ReadCount 0))

To import a .crt certificate

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\Certfile.crt -Encoding byte -ReadCount 0))

To import a .pfx certificate

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\CertwithPriv.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

N.B.: You will be prompted for a user name and password. You can put anything in the user name, just don't leave it blank. The password, however, should match the password of the .pfx file.

To import a .p7b certificate

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\IssuedCert.p7b -Encoding byte -ReadCount 0))

To enable the certificate
This has not changed from Exchange 2007. First get the certificate thumbprint by running

Get-ExchangeCertificate

Then enable it by running

Enable-ExchangeCertificate thumbprintCopied -Services "IIS,POP,IMAP"
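
An added example, not from the original post: the .pfx import and enable steps above combined into one script that takes the thumbprint from the import result instead of copying it by hand, and checks the certificate before binding it to any service. The file path, the expected host names and the use of Read-Host -AsSecureString in place of Get-Credential are assumptions.

```powershell
# Added example: import a PFX, validate it, then enable it for services.
# Path, expected names and service list are assumptions; adjust for your server.
$pfxPath       = 'C:\CertwithPriv.pfx'
$expectedNames = 'mail.contoso.msft', 'autodiscover.contoso.msft'
$services      = 'IIS,POP,IMAP'

# Prompt for the PFX password as a SecureString (no user name required).
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Read the file as raw bytes, the same way the import commands above do.
$bytes = [Byte[]]$(Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)

# Import-ExchangeCertificate returns the imported certificate object.
$cert = Import-ExchangeCertificate -FileData $bytes -Password $pfxPassword

# Collect every problem before deciding whether to enable the certificate.
$problems = @()
$now = Get-Date

if (-not $cert.HasPrivateKey) {
    $problems += 'Certificate has no private key on this server.'
}
if ($cert.NotBefore -gt $now) {
    $problems += "Certificate is not valid until $($cert.NotBefore)."
}
if ($cert.NotAfter -lt $now) {
    $problems += "Certificate expired on $($cert.NotAfter)."
}

# CertificateDomains lists the subject and subject alternative names.
$names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
foreach ($name in $expectedNames) {
    if ($names -notcontains $name) {
        $problems += "Expected name '$name' is missing from the certificate."
    }
}

if ($problems.Count -gt 0) {
    # Leave the certificate imported but unbound so it can be inspected.
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Certificate $($cert.Thumbprint) was NOT enabled."
}
else {
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services $services
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List Thumbprint, Services, NotAfter, CertificateDomains
}
```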


About Antoine Khater

I have been working in IT consultancy and solution integration since 1998 and I consider myself lucky to be one of the few making a living out of my passion. I am also a member of the famous Experts Exchange (profile here) online community where I try my best to share what I have learned along the road.
  • Elie M.
    Thank you SO much I have been looking for this!
    I am lucky to have found your site
  • Hi Elie,
    Thank you for dropping by and I sure am glad the post was able to help you out