Get Exchange certificate with PowerShell

Do you need to get the Exchange certificate with PowerShell? For example, you need to cleanup the Exchange certificates. You can retrieve the information in two ways. One of them is through PowerShell. The other is with the Exchange Admin Center (EAC). In this article, you will learn the PowerShell commands that you can use to get the information you need.

Get Exchange certificate with PowerShell

Run Exchange Management Shell as administrator. Run the Get-ExchangeCertificate cmdlet to get all the installed certificates on the Exchange Server.

In our example, there are four certificates installed on the Exchange Server.

[PS] C:\>Get-ExchangeCertificate | Format-List

Refine Exchange certificate output

We like to refine the output results of the installed Exchange certificates.

[PS] C:\>Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains


Thumbprint         : 1AEF337DFC2B537D9E0D0C89D1AE55749AF2660B
Services           : SMTP
NotAfter           : 5/1/2027 9:15:30 PM
Subject            : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}

Thumbprint         : E55A7CE736B5798A1A694F1D0515227E35F97514
Services           : IIS, SMTP
NotAfter           : 5/1/2027 7:53:26 PM
Subject            : CN=EX01-2019
CertificateDomains : {EX01-2019, EX01-2019.exoip.local}

Thumbprint         : E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9
Services           : IMAP, POP, IIS, SMTP
NotAfter           : 7/19/2022 11:14:01 AM
Subject            : CN=mail.exoip.com
CertificateDomains : {mail.exoip.com, autodiscover.exoip.com}

Thumbprint         : 5C542FF3253B641876C77C70404625154B723E25
Services           : None
NotAfter           : 4/13/2032 5:38:47 PM
Subject            : CN=WMSvc-SHA2-EX01-2019
CertificateDomains : {WMSvc-SHA2-EX01-2019}

In the next part, we will specify the services.

Get Exchange certificates with specific service

You can specify the services that you want to assign to a certificate. The services are:

• SMTP
• Microsoft Exchange Unified Messaging
• Unified Messaging Call Router
• IMAP
• POP
• IIS

Get a list of certificates that are installed and assigned to the SMTP service. Change the SMTP in the command to one of the above services to filter the shown certificates.

[PS] C:\>Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains | where {$_.Services -match "SMTP"} | fl


Thumbprint         : 1AEF337DFC2B537D9E0D0C89D1AE55749AF2660B
Services           : SMTP
NotAfter           : 5/1/2027 9:15:30 PM
Subject            : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}

Thumbprint         : E55A7CE736B5798A1A694F1D0515227E35F97514
Services           : IIS, SMTP
NotAfter           : 5/1/2027 7:53:26 PM
Subject            : CN=EX01-2019
CertificateDomains : {EX01-2019, EX01-2019.exoip.local}

Thumbprint         : E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9
Services           : IMAP, POP, IIS, SMTP
NotAfter           : 7/19/2022 11:14:01 AM
Subject            : CN=mail.exoip.com
CertificateDomains : {mail.exoip.com, autodiscover.exoip.com}

It’s easier to filter and read when you get the Exchange certificates with PowerShell. Did it help you to get the Exchange certificate with PowerShell?

Read more: Remove Exchange certificate with PowerShell »

Conclusion

To sum up, you learned how to get an Exchange certificate with PowerShell. We can use both the Exchange Admin Center and PowerShell to get the Exchange certificates information. Do you use the Exchange Admin Center or PowerShell?

Did you enjoy this article? You may also like Install Exchange certificate with PowerShell. Don’t forget to follow us and share this article.