Skip to content

How to export certificate in Exchange Server

We like to export the certificate in Exchange Server and import the certificate into the newly installed Exchange Server. It’s crucial to install an SSL certificate on the Exchange Server to secure the connections between the server and clients. In this article, you will learn how to export certificate in Exchange Server with PowerShell and Exchange Admin Center.

Create shared folder

Sign in to the Exchange Server. This can be the new Exchange Server or one that is already installed and configured. Create a folder on the (C:) drive and give it the name Certs. Right-click the Certs folder and share this folder.

Assign permissions to the folder:

  • Your account (administrator) – Permissions Change/Read Allow
  • SYSTEM – Permissions Change/Read Allow
How to export certificate in Exchange Server create shared folder

Browse to the shared Cert folder path and verify that you can open the folder before proceeding to the next step.

Verify shared folder access

Export Exchange certificate

Starting from Exchange Server 2016 CU23 and later and Exchange Server 2019 CU12 and later, the only option to export the Exchange certificate is with PowerShell (Exchange Management Shell).

Note: To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later). Read more in the article Exchange Server certificate changes.

Get Exchange certificate with PowerShell

You need to have the thumbprint of the certificate that you want to export. An excellent way is to run the Get-ExchangeCertificate cmdlet in Exchange Management Shell.

[PS] C:\>Get-ExchangeCertificate | ft Thumbprint,Services,Subject

Thumbprint                                      Services Subject
----------                                      -------- -------
0C4C00B76EB7DB236573BF79258888D32C9B753D IMAP, IIS, SMTP CN=mail.exoip.com
7112671766E6349131572DC42F94D41F0032D95D            SMTP CN=Microsoft Exchange Server Auth Certificate
856D38D034BC538CE0EA2826A92854E1526CD89B  POP, IIS, SMTP CN=EX01-2016
9556B4F47D7C90DCC7E25163299335A825A874F0            None CN=WMSvc-SHA2-EX01-2016

Now that you have the certificate thumbprint, you can proceed to the next step.

Export Exchange certificate with PowerShell

Run Exchange Management Shell as administrator. Next, run the below two commands to export the certificate.

$cert = Export-ExchangeCertificate -Thumbprint '0C4C00B76EB7DB236573BF79258888D32C9B753D' -BinaryEncoded -Password (ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force)
[System.IO.File]::WriteAllBytes('\\ex01-2016\Certs\ExchangeCert.pfx', $cert.FileData)

Export Exchange certificate from Exchange Admin Center

Suppose you have Exchange Server that is not running Exchange Server 2016 CU23 and later or Exchange Server 2019 CU12 and later, you can export the certificate from Exchange Admin Center.

Sign in to Exchange Admin Center. Click servers in the feature pane and click certificates in the tabs. Select the Exchange Server. Click on the Exchange certificate that you want to export.

How to export certificate in Exchange Server select certificate

Click in the toolbar on (More options) and select Export Exchange Certificate.

How to export certificate in Exchange Server toolbar export Exchage certificate

Place the path you created in the first step and add a name for the certificate, including .pfx file name extension. In our example, it’s \\EX01-2016\certs\ExchangeCert.pfx. Protect the certificate with a password and click OK.

How to export certificate in Exchange Server file to export and password

Verify Exchange certificate export

Browse to the path and verify that the Exchange certificate is successfully exported.

That’s it. Did this help you to export the Exchange certificate?

Keep on reading: Remove certificate in Exchange Server »

Conclusion

You learned how to export certificate in Exchange Server. Create a shared folder and assign permissions before you start to export the certificate with PowerShell or with the export wizard in Exchange Admin Center.

Remember that in the latest Exchange Server versions, the export certificate functionality in Exchange Admin Center is removed, and the only way to export the Exchange certificate is with PowerShell.

Did you enjoy this article? You may also like the article Export mailbox permissions to CSV file. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *