Importing and Configuring the Copy of Your SSL Certificate on Your Exchange 2007 Server
Before you can import the copy of your SSL Certificate to your Exchange 2007 server, you must first export it from the server on which it is installed. See DigiCert Certificate Utility SSL Certificate Export Instructions.
To import and configure the copy of your SSL Certificate, do the following:
After you export your SSL Certificate and Private Key file as a .pfx file, you can copy (import) that file to your Exchange 2007 server and then, enable the services for the certificate.
-
Import the .pfx file to your Exchange 2007 server using the DigiCert Certificate.
How to Import the .pfx File to Your Exchange 2007 Server with the DigiCert Certificate Utility
-
Enable services for your SSL Certificate using the Exchange Management Shell.
How to Enable Services for Your SSL Certificate with Exchange Management Shell
1. How to Import the .pfx File to Your Exchange 2007 Server with the DigiCert Certificate Utility
-
On the Exchange 2007 server to which you want to import your certificate, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
-
Run the DigiCert® Certificate Utility for Windows.
Double-click DigiCertUtil.
-
In DigiCert Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.
-
In the Certificate Import wizard, click Browse to browse to the .pfx certificate file (i.e. your_domain_com.pfx), select the file, and click Open, and then, click Next.
-
In the Password box, enter the password for the .pfx file and then click Next.
-
In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.
Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
-
To import the SSL Certificate (.pfx file) to your Exchange 2007 server, click Finish.
You should receive a message that the certificate was successfully imported. You should now see your SSL Certificate in the DigiCert Certificate Utility for Windows©, under SSL Certificates.
-
You must now enable services for your SSL Certificate using the Exchange Management Shell.
2. How to Enable Services for Your SSL Certificate with Exchange Management Shell
-
Run the DigiCert® Certificate Utility for Windows.
Double-click DigiCertUtil.
-
In DigiCert Certificate Utility for Windows©, click SSL (gold lock), right-click on your newly imported certificate, and then, click Copy thumbprint to clipboard.
You can also get your thumbprint by running the following command in Exchange Management Shell:
[PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name
-
Open Exchange Management Shell (Microsoft Exchange Server 2007 > Exchange Management Shell).
-
To enable your SSL Certificate for use with Exchange, run the following Enable-Exchange Certificate command:
Enable-ExchangeCertificate -ThumbPrint insert_thumbprint -Services "SMTP, IMAP, POP, IIS"
Note: Omit any of the services that you don’t use (i.e. SMTP, IMAP, POP, or IIS )
-
Your SSL Certificate is now copied to and installed on your Exchange 2007 mail domain with the services that you selected.
Get Your Certificate’s Thumbprint
Enable Your Certificate for Use with Exchange
Test Your Installation
To verify that the installation is correct, use our DigiCert® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com, or mail.yourdomain.com) that you are securing to test your SSL Certificate.
Troubleshooting
If you run into certificate errors, try repairing your certificate trust errors using DigiCert® Certificate Utility for Windows. If this does not fix the errors contact support.