To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC…
We like to export the certificate in Exchange Server and import the certificate in the newly installed Exchange Server. It’s crucial to install an SSL certificate on the Exchange Server to secure the connections between the server and clients. In this article, you will learn how to export certificate in Exchange Server with PowerShell and Exchange Admin Center.
Table of contents
Create shared folder
Sign in to the Exchange Server. This can be the new Exchange Server or one that is already installed and configured. Create a folder on the (C:) drive and give it the name Certs. Right-click the Certs folder and share this folder.
Assign permissions to the folder:
- Your account (administrator) – Permissions Change/Read Allow
- SYSTEM – Permissions Change/Read Allow
Browse to the shared Cert folder path and verify that you can open the folder before proceeding to the next step.
Export Exchange certificate
Starting from Exchange Server 2016 CU23 and later and Exchange Server 2019 CU12 and later, the only option to export the Exchange certificate is with PowerShell (Exchange Management Shell).
Note: To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later). Read more in the article Exchange Server certificate changes.
Export Exchange certificate with PowerShell
Run Exchange Management Shell as administrator. Next, run the below two commands to export the certificate.
$cert = Export-ExchangeCertificate -Thumbprint 'E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9' -BinaryEncoded -Password (ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force) [System.IO.File]::WriteAllBytes('\\ex01-2016\Certs\ExchangeCert.pfx', $cert.FileData)
Export Exchange certificate from Exchange Admin Center
Suppose you have Exchange Server which is not running Exchange Server 2016 CU23 and later or Exchange Server 2019 CU12 and later, you can export the certificate from Exchange Admin Center.
Sign in to Exchange Admin Center. Click servers in the feature pane and click certificates in the tabs. Select the Exchange Server. Click on the Exchange certificate that you want to export.
Click in the toolbar on … (More options) and select Export Exchange Certificate.
Place the path you created in the first step and add a name for the certificate, including .pfx file name extension. In our example, it’s \\EX01-2016\certs\ExchangeCert.pfx. Protect the certificate with a password and click OK.
Verify Exchange certificate export
Browse to the path and verify that the Exchange certificate is exported with success.
That’s it. Did this help you to export the Exchange certificate?
Keep on reading: Remove Exchange certificate with PowerShell »
You learned how to export certificate in Exchange Server. Create a shared folder and assign permissions before you start to export the certificate with PowerShell or with the export wizard in Exchange Admin Center.
Remember that in the latest Exchange Server versions, the export certificate functionality in Exchange Admin Center is removed and the only way to export the Exchange certificate is with PowerShell.
Did you enjoy this article? You may also like the article Export mailbox permissions to CSV file. Don’t forget to follow us and share this article.