Jun 19 2019 07:37 AM
We have existing Exchange 2010 hybrid servers and we have a wildcard certificate that needs to be imported to these exchange servers to update the current wildcard. A CSR was never generated.
Is there a process to import the new wildcard onto the Exchange servers and get the right services activated under the new certificate?
Jun 19 2019 11:56 AM - edited Jun 19 2019 12:07 PM
SolutionHey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert.
This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.
Script will
-prompts you for the password
-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)
-imports the cert on each server
-enables services on each server
Best of luck!
#########
#script begin
<#
.NOTES
be sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command
#>
$password = (get-credential).password
$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"}
foreach($server in $servers){
write-host "importing cert on $($server.name)..." -f yellow
#import cert request
$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false
#enable services
Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server
Jun 20 2019 05:12 AM
What if there is no password on the certificate? I talked with our server team and they stated that they downloaded the Exchange wildcard certificate and it did not have a password.
Jun 20 2019 07:33 AM
Jun 20 2019 07:46 AM
@Shaun Jennings -- Greg is right, you will need to go back to your server team to get the private key format of the certificate. A pfx or p12 format certificate is a bundled format certificate that includes the private and public keys (the private requiring a password to import).
Jul 03 2019 08:54 AM
@msExchangeDudeThank you for the assistance. The script worked flawlessly.
Jun 19 2019 11:56 AM - edited Jun 19 2019 12:07 PM
SolutionHey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert.
This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.
Script will
-prompts you for the password
-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)
-imports the cert on each server
-enables services on each server
Best of luck!
#########
#script begin
<#
.NOTES
be sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command
#>
$password = (get-credential).password
$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"}
foreach($server in $servers){
write-host "importing cert on $($server.name)..." -f yellow
#import cert request
$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false
#enable services
Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server