Forum Discussion
Shaun Jennings
Jun 19, 2019Iron Contributor
Installing a pre-existing wildcard SSL certificate on Exchange 2013
We have existing Exchange 2010 hybrid servers and we have a wildcard certificate that needs to be imported to these exchange servers to update the current wildcard. A CSR was never generated.
Is there a process to import the new wildcard onto the Exchange servers and get the right services activated under the new certificate?
Hey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert.
This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.
Script will
-prompts you for the password
-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)
-imports the cert on each server
-enables services on each server
Best of luck!
#########
#script begin
<#
.NOTESbe sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command
#>
$password = (get-credential).password
$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"}
foreach($server in $servers){
write-host "importing cert on $($server.name)..." -f yellow
#import cert request
$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false
#enable services
Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server
- msExchangeDude
Microsoft
Hey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert.
This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.
Script will
-prompts you for the password
-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)
-imports the cert on each server
-enables services on each server
Best of luck!
#########
#script begin
<#
.NOTESbe sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command
#>
$password = (get-credential).password
$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"}
foreach($server in $servers){
write-host "importing cert on $($server.name)..." -f yellow
#import cert request
$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false
#enable services
Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server- Shaun JenningsIron Contributor
What if there is no password on the certificate? I talked with our server team and they stated that they downloaded the Exchange wildcard certificate and it did not have a password.
- msExchangeDude
Microsoft
Shaun Jennings -- Greg is right, you will need to go back to your server team to get the private key format of the certificate. A pfx or p12 format certificate is a bundled format certificate that includes the private and public keys (the private requiring a password to import).