Your SSL certificate and Intermediate certificate will arrive by email, use the following commands to import the Intermediate certificate and the SSL ceretificate
Import the Intermediate certificate
Import the SSL certificate
Copy the SSL certificate from the email and save this as mydomain.cer. The name and location of the file are not important.Open the Exchange Management Shell and run the import and enable commands:
The services can be any combination of these values: IMAP, POP, UM, IIS, SMTPTo verify that your certificate is running and enabled run the following command:
In response to the above command you you should see the certificates thumbprint, an abbreviated list of the services and mydomain.cer. If your certificate isn't properly enabled, you can re-run the modified Enable command with the certificate thumbprint
Reboot your server and test your certificate is working by connecting with IE, ActiveSync or Outlook.
Important: Do not use the Certificate snap-in to import the certificates for any service on an Exchange server. Using the Certificate snap-in to import certificates on Exchange servers will fail. Therefore, TLS or other Exchange certificate services will not work.
Import the Intermediate certificate
- Copy the Intermediate certificate from the email (or download from this link here) and then use the following instructions.
- Copy the intermediate certificate from the body of the email and paste it into a simple text editor, such as Notepad
- Save it as intermediate.cer on your desktop
- Open MMC
- Select File > Add/Remove Snap In
- Select Add
- Select Certificates > Add
- Select Computer Account > Next
- Local Computer > Finish > Close > OK
- Select Certificates > Intermediate Certification Authorities > Certificates
- Right-Click Certificates > All-Tasks > Import
Import the SSL certificate
Copy the SSL certificate from the email and save this as mydomain.cer. The name and location of the file are not important.Open the Exchange Management Shell and run the import and enable commands:
Code:
Import-ExchangeCertificate -Path C:\mydomain.cer
Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
The services can be any combination of these values: IMAP, POP, UM, IIS, SMTPTo verify that your certificate is running and enabled run the following command:
Code:
Get-ExchangeCertificate -DomainName server.domain.com
In response to the above command you you should see the certificates thumbprint, an abbreviated list of the services and mydomain.cer. If your certificate isn't properly enabled, you can re-run the modified Enable command with the certificate thumbprint
Code:
Enable-ExchangeCertificate -Thumbprint [paste thumbprint here] -Services "SMTP,IMAP, POP, IIS"
Reboot your server and test your certificate is working by connecting with IE, ActiveSync or Outlook.
Important: Do not use the Certificate snap-in to import the certificates for any service on an Exchange server. Using the Certificate snap-in to import certificates on Exchange servers will fail. Therefore, TLS or other Exchange certificate services will not work.