37 C
Monday, July 22, 2024

Configuring 3rd Party Exchange Certificate in Exchange 2010

Exchange 2010 creates a self-signed SAN certificate and assigns it to the services like IMAP, POP, IIS, and SMTP.

The only drawback of this self-signed certificate is that it contains the server’s FQDN and NetBIOS names only.

Where we get certificate errors on all the Clients where we need to install the Certificates manually on all the clients , which is a hassle and no one likes it in fact . Cause installing Certificate in mobile devices becomes more complex .

To avoid any certificate related errors and use it over the internet without any problems it is highly recommended that you request and assign a certificate from a Certification Authority that can be contacted from anywhere like VeriSign , Go Daddy ,DigiCert etc.. .
To request a new certificate from a trusted CA use following format:

Step 1:

Requesting a Certificate , you can use shell or GUI

GUI is much user friendly

You can refer the link below to use GUI and Export the Certificate




are the two Needed Entries in the SSL Cert.


You can use Shell to Export the Request file – My Servers FQDN is Exchange2010.careexchange.in

Replace the values as per your requirement

Generate a Request

$Data = New-ExchangeCertificate -FriendlyName 'Exchange Cert' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=IN,S="MH",L="PN",O="Exchange Messaging",OU="Enterprise Messaging",CN=mail.Careexchange.in' –DomainName 'mail.careexchange.in','autodiscover.careexchange.in -Server 'EXCHANGE2010'

You need to enter this command below in order to get the request file

Export the data into a certificate request file

Set-Content -Path C:\Certreq.req -Value $Data

Step 2:

Use this request file for submission to the CA . For Example Below Uploading a CSR in digi Cert.

and download the certificate. Save the certificate to a convenient location.


Step 3:

Import the certificate, Give the Correct location in the command

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\Exchangecert.pfx" -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

You can refer the link below to use GUI to import the Certificate using “Step 22”

Use Step 23 to Assign Services like IMAP, POP, IIS, and SMTP.


Great !

You learnt how to Export and Import and Configure Certificates in Exchange 2010

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles



Please enter your comment!
Please enter your name here

× How can I help you?