SSL Installation for Microsoft Exchange 2007 (Powershell)

February 13, 2019 in SMTP

Once you have purchased your certificate, and the domains have been validated, you will receive an email containing the certificate.

The certificate file should be copied onto your Exchange 2007 server. It is then installed using the Import-ExchangeCertificate cmdlet.

Note: DO NOT use the Certificates snap-in for the MMC to install the certificate. This will not work for Exchange 2007

Make sure you have all the following files saved before proceeding:

  • Your Server Certificate - This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

  • Intermediate Certificates - These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle.

  • Your Private Key - This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Open the Exchange Management Shell.

This can be done by doing the following:
Click Start
Click Programs
Click Microsoft Exchange Server 2007
Click Exchange Management Shell

In this example, the certificate file is copied to the server as the file c:\\exchange_example_net.crt

Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together:

Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate - Services "SMTP, IMAP, POP, IIS"

Note: Both commands are run on the same line, divided by a "pipe" character.

To verify whether or not the certificate has been enabled, run the following command:

C:\> Get-ExchangeCertificate -DomainName

Note: In the Services column, SIP and W are abbreviations for "SMTP," "IMAP," "POP3" and "Web (IIS). If the Certificate is not properly enabled, run the Enable-ExchangeCertificate command line again by copying the thumbprint of your certificate like such:

Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"

Note: If a UCC was purchased, your certificate file will be ORDER_NUMBER.crt, else your certificate file will be the FQDN for which you applied.

Import-ExchangeCertificate -Path c:\\exchange_example_net.crt | Enable-ExchangeCertificate -Services SMTP ; where c:\\exchange_example_net.crt is your certificate that you got from Comodo.

The 'Services' flag sets which services the certificate is enabled for.
Valid options include: SMTP IMAP POP IIS UM

To enable multiple services:

Import-ExchangeCertificate -Path c:\\exchange_example_net.crt | Enable-ExchangeCertificate -Services 'SMTP, POP, IMAP, IIS' ; where c:\\exchange_example_net.crt is your certificate that you got from Comodo.

Note: Once you have installed the site certificate you may need to follow the procedure outlined in 'Root and Intermediate Certificate installation via MMC' with the other files that you have been sent in order to complete the installation.

Manual Intermediate Installation Instructions

  1. Open the Start menu, select Run…

  2. Type mmc, click OK. The Microsoft Management Console window should open.

  3. Select the File menu, choose Add/Remove Snap-In.

  4. Click Certificates, then Add.

  5. Select the correct computer account, then Next.

  6. Choose Local Computer, then click Finish.

  7. Click OK to close Add/Remove Snap-Ins.

  8. In the Console window, expand Certificates.

  9. Right-click on Intermediate Certification Authorities, hover over All Tasks, then select Import.

  10. The Certificate Import Wizard should appear, click Next.

  11. Select Browse and locate the Intermediate Certificate file.

  12. Change the extension filter in the bottom right corner to: PKCS #7 Certificates (*.spc;*.p7b).

  13. Select the Certificate File and click Open.

  14. Choose Next.

  15. Click Place All Certificate in the Following Store.

  16. Select Browser, choose Intermediate Certification Authorities, then click Next.

  17. Select Finish.