skip to Main Content

Install Exchange certificate with PowerShell

How to install Exchange certificate with PowerShell? You already have a certificate and you want to install it in Exchange Server. This means that you need to import the certificate in Exchange Server. After the certificate import, assign the certificate to the Exchange services. In a previous article, we showed how to import certificate in Exchange Admin Center. In this article, you will learn how to install Exchange certificate with PowerShell.

Do you have more than one Exchange Server running in the organization? You can use the same certificate for other Exchange Servers.

Install Exchange certificate with PowerShell

Before we start, place the Exchange certificate in a shared folder. Make sure to assign permissions to the folder. For example the SYSTEM account. If you don’t give permissions, you are not able to import the certificate and an error will show up.

Install Exchange certificate with PowerShell

Run Exchange Management Shell as administrator. Run the Import-ExchangeCertificate cmdlet to install the Exchange certificate.

[PS] C:\>Import-ExchangeCertificate -Server EX01-2016 -FileName "\\ex01-2016\certs\ExchangeCert.pfx" -PrivateKeyExportable:$true -Password (ConvertTo-SecureString -String "YourCertificatePassword" -AsPlainText -Force)

Thumbprint                                Services   Subject
----------                                --------   -------
0C4C00B76EB7DB236573BF79258888D32C9B753D  .......

The certificate is imported successfully with PowerShell.

Good to know: the certificate is not yet assigned to Exchange services. You can see that from the dots (…….) in the column Services.

Assign certificate to the Exchange Server services

If the certificate is not assigned to the Exchange Server services, it will do nothing. Assign the certificate with the Enable-ExchangeCertificate cmdlet and the -Services parameter. After running the cmdlet, press Y and press Enter.

[PS] C:\>Enable-ExchangeCertificate -Thumbprint 0C4C00B76EB7DB236573BF79258888D32C9B753D -Services SMTP,IMAP,IIS

Overwrite the existing default SMTP certificate?

Current certificate: '9BC8DF0DC366A87E2D397DD4CD328D91533346D2' (expires 6/6/2025 8:00:12 PM)
Replace it with certificate: '0C4C00B76EB7DB236573BF79258888D32C9B753D' (expires 9/3/2020 6:22:51 PM)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y

Verify assigned Exchange certificate

Run Get-ExchangeCertificate cmdlet to verify the assigned services.

Do you like to know more about which certificates are installed on the Exchange Server? Read Get Exchange certificate with PowerShell.

[PS] C:\>Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains

Thumbprint         : 0C4C00B76EB7DB236573BF79258888D32C9B753D
Services           : IMAP, IIS, SMTP
NotAfter           : 9/3/2020 6:22:51 PM
Subject            :
CertificateDomains : {,}

The certificate is installed in Exchange Server and everything looks great. We can see the certificate assigned to the Exchange services IMAP, IIS, and SMTP.

Did this article help you to import and assign the Exchange certificate with PowerShell?


To sum it up, you learned how to install Exchange certificate with PowerShell. Import the certificate in Exchange Server. After that, assign the certificate to the Exchange services. Do you use the Exchange Admin Center or PowerShell? I recommend PowerShell as it’s faster to install the certificate.

I hope you enjoyed this article. You may also like Update .NET Framework in Exchange Server. Don’t forget to follow us and share this article.



ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *