How to Install an SSL/TLS Certificate In Microsoft Exchange 2007

The following instructions will guide you through the SSL installation process on Microsoft Exchange 2007. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

1. Copy and save your certificate on your Exchange Server.

Connect to your Exchange Server via FTP and copy your SSL Certificate File onto your Exchange Server’s desktop.

2. Select Exchange Management Shell

From the Start menu, choose MS Exchange Server 2007, then select Exchange Management Shell.

3. Run the Import and Enable commands together

Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together:

Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate –Services "SMTP, IMAP, POP, IIS"

Note: Both commands are run on the same line, divided by a “pipe” character.

4. Verify the certificate has been enabled

To verify whether or not the certificate has been enabled, run the following command:

C:\> Get-ExchangeCertificate -DomainName your.domain.name

MS 2007 step5

Note: In the Services column, SIP and W are abbreviations for “SMTP,” “IMAP,” “POP3” and “Web (IIS). If the Certificate is not properly enabled, run the Enable-ExchangeCertificate command line again by copying the thumbprint of your certificate as shown below:

Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"

Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.

To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance.

Manual Intermediate Installation Instructions

1. Select Run

Open the Start menu, select Run…

2. Access mmc

Type mmc, click OK. The Microsoft Management Console window should open.

3. Select Add/Remove Snap-In

Select the File menu, choose Add/Remove Snap-In.

4. Add a Certificate

Click Certificates, then Add.

5. Select the correct account

Select the correct computer account, then Next.

6. Choose Local Computer

Choose Local Computer, then click Finish.

7. Click OK

Click OK to close Add/Remove Snap-Ins.

8. Expand the Certificate folder

In the Console window, expand Certificates.

9. Import your intermediate certificate

Right-click on Intermediate Certification Authorities, hover over All Tasks, then select Import.

10. Click Next

The Certificate Import Wizard should appear, click Next.

11. Select Browse

Select Browse and locate the Intermediate Certificate file.

12. Change the extension to PKCS #7

Change the extension filter in the bottom right corner to: PKCS #7 Certificates (*.spc;*.p7b).

13. Open the Certificate File

Select the Certificate File and click Open.

14. Click Next

Choose Next.

15. Click Place All Certificate in the Following Store

Click Place All Certificate in the Following Store.

16. Select Browser

Select Browser, choose Intermediate Certification Authorities, then click Next.

17. Select Finish

Select Finish.

Was this article helpful?

Related Articles