Export Exchange 2013 Certificate using PowerShell
In this post, I will look at how to export an Exchange 2013 certificate with private key using PowerShell and how to verify if the certificate has the private key after export.
A certificate can be exported from the Exchange server as a simple backup method or for import on other devices. The Exchange admin console can also be used to export the certificate.
After the export, the certificate file will be a password-protected binary PKCS #12 file that contains the private key and can be used on other servers.
To get started with the export process, the following cmdlet needs to be run in the Exchange Management Shell.
Get-ExchangeCertificate | Select Thumbprint, Subject
This cmdlet lists the thumbprint and subject of each installed certificate; we will use the thumbprint to export the needed certificate.
To continue and export the certificate, the following cmdlet can be executed.
Export-ExchangeCertificate -Server thatlazyEx-01 -Thumbprint 90C97093A05DD0E06F84660F2F97D49CD28FC8B2 -FileName "\\thatlazyex-02\Cert\Mail.pfx" -BinaryEncoded -Password (ConvertTo-SecureString -String 'P@ssw0rd2016' -AsPlainText -Force)
The same export can be done from the Exchange admin console as well. To export from the Exchange admin console, follow these steps.
- Log in to the Exchange admin console
- Navigate to Servers then Certificates
- Select the server where you want to export the certificate from
- Select the certificate from the list of installed certificates and click on the more ( … ) options.
- Select Export Exchange Certificate from the list.
- Provide a valid UNC path for the export and provide a password for the certificate file.
How to check if the certificate has the private key attached to it.
- Launch mmc using Run and open the certificate manager.
- Select the Local machine from the Certificate Manager.
- In the certificate manager, navigate to personal certificates and double-click the exported certificate.
- On the General page, at the bottom, you will see a key, which means that the certificate was exported with the private key.
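The same check can be scripted instead of clicked through in MMC. The following is an added example, not part of the original post: the function name Test-PfxPrivateKey is hypothetical, the path and thumbprint are the ones from the export command above, and the password is prompted for rather than typed on the command line.

```powershell
# Added example: verify that an exported PFX contains the private key and
# is the certificate that was meant to be exported.
# Test-PfxPrivateKey is a hypothetical helper name, not an Exchange cmdlet.
function Test-PfxPrivateKey {
    param(
        [Parameter(Mandatory = $true)] [string]       $PfxPath,
        [Parameter(Mandatory = $true)] [securestring] $Password,
        [Parameter(Mandatory = $true)] [string]       $ExpectedThumbprint
    )

    # DefaultKeySet without PersistKeySet: the key is loaded only for this
    # check and is not left behind in a key store afterwards.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet

    # Throws a CryptographicException if the password is wrong or the file
    # is not a valid PKCS #12 container.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $PfxPath, $Password, $flags)
    try {
        New-Object psobject -Property @{
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            NotAfter          = $cert.NotAfter
            HasPrivateKey     = $cert.HasPrivateKey
            ThumbprintMatches = ($cert.Thumbprint -eq $ExpectedThumbprint)
        }
    }
    finally {
        # Release the certificate and its temporary key handle.
        $cert.Reset()
    }
}

# Values taken from the export command in this post.
$thumb = '90C97093A05DD0E06F84660F2F97D49CD28FC8B2'
$pfx   = '\\thatlazyex-02\Cert\Mail.pfx'

# Prompt for the PFX password so it does not end up in the command history.
$pw = Read-Host -Prompt 'PFX password' -AsSecureString
Test-PfxPrivateKey -PfxPath $pfx -Password $pw -ExpectedThumbprint $thumb

# Scripted equivalent of the MMC steps: look up the certificate in the
# Local Machine > Personal store and show whether a private key is attached.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object Subject, Thumbprint, HasPrivateKey
```

HasPrivateKey should be True in both outputs; a False from the PFX check means the file holds only the public certificate and cannot be used to restore the certificate on another server.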