skip to Main Content

Get Exchange certificate with PowerShell

Do you need to get the Exchange certificate with PowerShell? For example, you need to cleanup the Exchange certificates. You can retrieve the information in two ways. One of them is through PowerShell. The other is with the Exchange Admin Center (EAC). In this article, you will learn the PowerShell commands that you can use to get the information you need.

Get Exchange certificate with PowerShell

Run Exchange Management Shell as administrator. Run the Get-ExchangeCertificate cmdlet to get all the installed certificates on the Exchange Server.

In our example, there are four certificates installed on the Exchange Server.

[PS] C:\>Get-ExchangeCertificate | Format-List

Refine Exchange certificate output

We like to refine the output results of the installed Exchange certificates.

[PS] C:\>Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains


Thumbprint         : 1AEF337DFC2B537D9E0D0C89D1AE55749AF2660B
Services           : SMTP
NotAfter           : 5/1/2027 9:15:30 PM
Subject            : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}

Thumbprint         : E55A7CE736B5798A1A694F1D0515227E35F97514
Services           : IIS, SMTP
NotAfter           : 5/1/2027 7:53:26 PM
Subject            : CN=EX01-2019
CertificateDomains : {EX01-2019, EX01-2019.exoip.local}

Thumbprint         : E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9
Services           : IMAP, POP, IIS, SMTP
NotAfter           : 7/19/2022 11:14:01 AM
Subject            : CN=mail.exoip.com
CertificateDomains : {mail.exoip.com, autodiscover.exoip.com}

Thumbprint         : 5C542FF3253B641876C77C70404625154B723E25
Services           : None
NotAfter           : 4/13/2032 5:38:47 PM
Subject            : CN=WMSvc-SHA2-EX01-2019
CertificateDomains : {WMSvc-SHA2-EX01-2019}

In the next part, we will specify the services.

Get Exchange certificates with specific service

You can specify the services that you want to assign to a certificate. The services are:

  • SMTP
  • Microsoft Exchange Unified Messaging
  • Unified Messaging Call Router
  • IMAP
  • POP
  • IIS

Get a list of certificates that are installed and assigned to the SMTP service. Change the SMTP in the command to one of the above services to filter the shown certificates.

[PS] C:\>Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains | where {$_.Services -match "SMTP"} | fl


Thumbprint         : 1AEF337DFC2B537D9E0D0C89D1AE55749AF2660B
Services           : SMTP
NotAfter           : 5/1/2027 9:15:30 PM
Subject            : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}

Thumbprint         : E55A7CE736B5798A1A694F1D0515227E35F97514
Services           : IIS, SMTP
NotAfter           : 5/1/2027 7:53:26 PM
Subject            : CN=EX01-2019
CertificateDomains : {EX01-2019, EX01-2019.exoip.local}

Thumbprint         : E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9
Services           : IMAP, POP, IIS, SMTP
NotAfter           : 7/19/2022 11:14:01 AM
Subject            : CN=mail.exoip.com
CertificateDomains : {mail.exoip.com, autodiscover.exoip.com}

It’s easier to filter and read when you get the Exchange certificates with PowerShell. Did it help you to get the Exchange certificate with PowerShell?

Read more: Remove Exchange certificate with PowerShell »

Conclusion

To sum up, you learned how to get an Exchange certificate with PowerShell. We can use both the Exchange Admin Center and PowerShell to get the Exchange certificates information. Do you use the Exchange Admin Center or PowerShell?

Did you enjoy this article? You may also like Install Exchange certificate with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 3 Comments

  1. Hi, If I run “Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains” from the exchange management shell it works fine.
    But If I were run powershell and connect to the on-premises environment (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri “http://$ExchServ/powershell” -Authentication Kerberos), run the same command, “certificate domains” shows BLANK.
    How can I get it to show the field.
    Thanks

    1. Hi Hil,

      You are connecting from another server to the on-premises Exchange Server. Unfortunately, you will not get all the certificate properties. What you can do is the following: Install Exchange Management Tools on the server that you are on. Once installed, launch EMS or PS and load the Exchange SnapIn. Run the cmdlet.

Leave a Reply

Your email address will not be published.