cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Installing a pre-existing wildcard SSL certificate on Exchange 2013

Shaun Jennings
Iron Contributor

‎Jun 19 2019 07:37 AM

‎Jun 19 2019 07:37 AM

Installing a pre-existing wildcard SSL certificate on Exchange 2013

We have existing Exchange 2010 hybrid servers and we have a wildcard certificate that needs to be imported to these exchange servers to update the current wildcard. A CSR was never generated.

 

Is there a process to import the new wildcard onto the Exchange servers and get the right services activated under the new certificate?

9,023 Views
0 Likes
5 Replies
Reply
5 Replies
best response confirmed by Shaun Jennings (Iron Contributor)
msExchangeDude

‎Jun 19 2019 11:56 AM - edited ‎Jun 19 2019 12:07 PM

‎Jun 19 2019 11:56 AM - edited ‎Jun 19 2019 12:07 PM

Solution

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

Hey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert. 

 

This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.

 

Script will

-prompts you for the password

-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)

-imports the cert on each server

-enables services on each server

 

Best of luck!

#########
#script begin
<#
.NOTES

be sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command

#>

$password = (get-credential).password 

$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"} 

 

foreach($server in $servers){

write-host "importing cert on $($server.name)..." -f yellow

#import cert request

$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false

 

#enable services

Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server

1 Like
Reply
Shaun Jennings

‎Jun 20 2019 05:12 AM

‎Jun 20 2019 05:12 AM

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

What if there is no password on the certificate? I talked with our server team and they stated that they downloaded the Exchange wildcard certificate and it did not have a password.

0 Likes
Reply
Greg Taylor - EXCHANGE

‎Jun 20 2019 07:33 AM

‎Jun 20 2019 07:33 AM

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

They didn't choose to export the private key with the cert then.
1 Like
Reply
msExchangeDude

‎Jun 20 2019 07:46 AM

‎Jun 20 2019 07:46 AM

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

@Shaun Jennings -- Greg is right, you will need to go back to your server team to get the private key format of the certificate. A pfx or p12 format certificate is a bundled format certificate that includes the private and public keys (the private requiring a password to import). 

1 Like
Reply
Shaun Jennings

‎Jul 03 2019 08:54 AM

‎Jul 03 2019 08:54 AM

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

@msExchangeDudeThank you for the assistance. The script worked flawlessly.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Shaun Jennings (Iron Contributor)
msExchangeDude

‎Jun 19 2019 11:56 AM - edited ‎Jun 19 2019 12:07 PM

‎Jun 19 2019 11:56 AM - edited ‎Jun 19 2019 12:07 PM

Solution

Re: Installing a pre-existing wildcard SSL certificate on Exchange 2013

Hey shaun, absolutely you can import wildcard certs on your exchange boxes without initiating a request, but without the request you will need the password for the pfx format cert. 

 

This script is written for Exchange 2010 so others viewing this may need to tweak the get-exchangeserver line, but otherwise this should get you to where you are going. Without the pending request, you will just need to know the password for the file, which you can supply in the script below.

 

Script will

-prompts you for the password

-grabs all your cas servers (for ex 2010, on newer versions you may need all exchange servers)

-imports the cert on each server

-enables services on each server

 

Best of luck!

#########
#script begin
<#
.NOTES

be sure to set the $servers variable as well as the full filepath to the pfx file on the server from where you are running the command

#>

$password = (get-credential).password 

$servers= get-exchangeserver|?{$_.serverrole -like "*clientaccess*"} 

 

foreach($server in $servers){

write-host "importing cert on $($server.name)..." -f yellow

#import cert request

$installed= Import-ExchangeCertificate -server $server.fqdn -FileData ([Byte[]]$(Get-Content -Path C:\Users\Admin\Desktop\Wildcard\contoso.com.pfx -Encoding byte -ReadCount 0)) -Password:$password -confirm:$false

 

#enable services

Enable-ExchangeCertificate -server $server.name -Thumbprint $installed.thumbprint -service iis,SMTP -confirm:$false
} #close foreach server

View solution in original post

1 Like
Reply