Wednesday, May 13, 2015

Transferring Certificates from Exchange 2003/2007
to Exchange 2010


Problem

As a rule most of my clients use self signed certificates, (even though you can buy certs cheap as chips these days). If you have paid for a certificate I can see why you would want to transfer it to the new Exchange box, though if your using self signed certificates, it's a simpler task to create a new one. But I was asked, and what you guys ask for, I will work out how to do :)

Solution

Export Certificate from Exchange 2007

1. To see what certificates are being used for what. Launch "Exchange Management Shell" > Issue the following command,
export exchange 2007 cert
2. Take a note of the certificates thumbprint (copy it to notepad).
Note: The Letters mean
I - IMAP
P - POP
U - Unified Messaging
W - WEB (IIS)
S - SMTP
3. To export the certificate, (Note: Put in your certificate thumbprint).
4. Enter your domain credentials.
set cert password
5. Your exported certificate is now on the root of C: and called exported.pfx
pfx exporting

Export Certificate from Exchange 2003

1. Click Start > mmc {enter} > File > Add/Remove Snap-in.
2. Add > Certificates > Add > Select "Computer account" > Next.
mmc certificates
3. Accept the default of "Local computer" > Finish > Close > OK.
cert snapin
4. Expand Certificates > Personal > Certificates > locate the cert you are using for OWA etc.
locate digital certificate
5. Check the expiration date if you are unsure.
6. In the certificates console right click your certificate > All Tasks > Export.
certificate export windows
7. At the welcome page > Next > "Select Yes Export the Private Key" > Next > Next > Leave password blank > Next > Chose where to save it > Save.
export private key
8. Next > Finish > It should say that it was successful.
exchange 2003 certificate export


Import your Certificate into Exchange 2010

1. Copy your exported.pfx file to the root of the Exchange servers C: Drive.
2. Launch Exchange Management Shell > Issue the following command,
Or in you exported the certificate form Exchange 2003
Exchange 2003 Certificate Import (without a password prompt).
exchange 2003 certificate import
Exchange 2007 and 2010 Certificate Import
import exchange cert
4. Then to enable the certificate use the following command > and Press "A" to confirm.
enable exchange certificate
5. Now your OWA, Active-Sync etc, will be using the imported certificate.
exchange certificate

Related Articles, References, Credits, or External Links

Thanks to Rick Faria for pointing out this info was missing from the site :)