We recommend using the Exchange Management Shell for installation of the SSL Certificate on a server with Exchange 2007.
In the same way as the CSR code generation, you will need to use commands with the corresponding parameters of the cmdlet. First, make sure that you have saved the Validated Certificate, which was sent to you by the Certificate Authority, to the root directory of the C drive. That file should be in format suitable for the Exchange server, this can be either .cer, .p7b or .p7s .
Next, import of the saved SSL Certificate. For this, open EMS (Exchange Management Shell):
Start >> All Programs >> Microsoft Exchange Server 2007 >> Exchange Management Shell.
Then run two commands together - one for the installation of the Certificate at the server and one enabling it for the required services. Both commands should be in the same line, separated by a pipe character:
Import-ExchangeCertificate -Path C:\www.example.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
If you are installing a certificate in PEM (X.509) format: After installation you will need to follow the procedure outlined in "Root and Intermediate Certificate installation via MMC", with the other files that you have been sent, in order to complete the installation.
Installation of the Certificate can be verified by command:
Get-ExchangeCertificate -DomainName www.example.com
In the Services column you will see SIP and W which stand for SMTP, IMAP, POP3 and Web (IIS). If your certificate isn't properly enabled, you can re-run the Enable-ExchangeCertificate command by pasting the thumbprint of your certificate as the -ThumbPrint argument such as:
Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"
If the installation returned the error message: “The certificate with thumbprint [XXX] was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)” then use one of the solutions below, depending on the reason for the error.
Here is a more detailed instructions on how to resolve the issue defined in the last case:
As an alternative, to confirm that all required steps have been completed, and that the certificate is both installed and operational, run the following command:
Get- ExchangeCertificate <ThumbPrint> | fl