EXCHANGE SERVER 2019 SSL INSTALLATION


1 – Get Exchange Thumbprint

First we need the thumbprint of the certificate currently used for the Exchange server URL. To get it, run the following command. This command and every subsequent command will only run successfully in Exchange PowerShell with elevated privileges.

Get-ExchangeCertificate | Select-Object Thumbprint,Subject,Services,NotBefore,NotAfter

After successful execution of the above command in Exchange PowerShell you will see output similar to the one below. Note down the thumbprint.

Thumbprint : 59SJUB40A6FA736ABHTRBB95A5C0BA53BD79C33D
Subject : CN=mymail.exchangeserver.com
Services : IMAP, POP, IIS, SMTP
NotBefore : 26/03/2023 11:00:00 AM
NotAfter : 24/04/2024 9:59:59 AM

Thumbprint : 578B1D58D5AHTIOPAHNT8E9E04B1A36CA030AE38
Subject : CN=Microsoft Exchange Server Auth Certificate
Services : SMTP
NotBefore : 29/04/2019 6:03:52 AM
NotAfter : 2/04/2024 7:03:52 AM

Thumbprint : 32KSDJFSIDDDJ03E35A895537C4713CBE72929EA89
Subject : CN=E19
Services : IIS, SMTP
NotBefore : 29/04/2019 6:03:00 AM
NotAfter : 29/04/2024 6:03:00 AM

Thumbprint : 0C24FB5D6C54AK84HDSU7O232E85A4DCF4756A42
Subject : CN=WMSvc-SHA2-E19
Services : SMTP
NotBefore : 29/04/2019 5:20:05 AM
NotAfter : 26/04/2029 5:20:05 AM

2 – Create new CSR

Once you have retrieved the thumbprint, run the second command to generate the CSR on the Exchange server. Once again, only use Exchange PowerShell as administrator, otherwise the command will fail.

$certRequest = Get-ExchangeCertificate -Thumbprint 59SJUB40A6FA736ABHTRBB95A5C0BA53BD79C33D | New-ExchangeCertificate -GenerateRequest

The above syntax creates the CSR and saves it in the runtime variable certRequest, specified at the beginning of the command with the ‘$’ sign.

3 – Save the CSR to a file

[System.IO.File]::WriteAllBytes('\\EXCHANGE_SERVER_NAME\ssl\2024\mymail.exchangeserver.com.req', [System.Text.Encoding]::Unicode.GetBytes($certRequest))

4 – Get SSL Certificate

Next we need to buy an SSL certificate from our preferred CA. Once you have received the certificate from the CA, the next step is to install (import) it into Exchange.

5 – Import Certificate into Exchange

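Next, import the certificate into the Exchange server. We need to import the .crt file here. Note that -PrivateKeyExportable $true allows the certificate's private key to be exported from this server later.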

Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('\\EXCHANGE_SERVER_NAME\ssl\2024\mymail.exchangeserver.com.crt')) -PrivateKeyExportable $true

6 – Enable SSL Certificate & Link to Services

Enable-ExchangeCertificate -Thumbprint 494FAB40A27JSGTE630OLSUYT46S9A53BD79C33D -Services IIS, IMAP, POP, SMTP -Force

7 – Certificate Check

Get-ExchangeCertificate -Thumbprint 494FAB40A27JSGTE630OLSUYT46S9A53BD79C33D | Select-Object Thumbprint, Subject, Services, NotBefore, NotAfter

That is it, you have now successfully installed the SSL certificate for Exchange Server.

Sometimes the SSL certificate does not get linked to the services, or not to all of them. You can easily fix this via the Exchange Admin Center by selecting the certificate and its services.
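
A scripted version of the certificate check, covering the case where the certificate did not get linked to all services, as an added example that is not part of the original post. Test-ExchangeCertBinding is a hypothetical helper name; the 30-day threshold, the sample object and the placeholder thumbprint are constructed for illustration.

```powershell
# Added example (hypothetical helper, not from the original post).
function Test-ExchangeCertBinding {
    [CmdletBinding()]
    param(
        # Certificate object as returned by Get-ExchangeCertificate
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [string[]] $RequiredServices = @('IIS', 'IMAP', 'POP', 'SMTP'),
        [int] $MinDaysValid = 30,            # assumed renewal threshold
        [datetime] $Now = (Get-Date)
    )
    process {
        # Services is a flags enum locally and a plain string over remoting;
        # normalising it to a list of names handles both.
        $bound    = @("$($Certificate.Services)" -split '\s*,\s*' | Where-Object { $_ })
        $missing  = @($RequiredServices | Where-Object { $_ -notin $bound })
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        $status   = "$($Certificate.Status)"

        $problems = @()
        if ($missing.Count -gt 0)                { $problems += "not bound to: $($missing -join ', ')" }
        if ($Certificate.NotBefore -gt $Now)     { $problems += 'not yet valid' }
        if ($daysLeft -lt 0)                     { $problems += 'expired' }
        elseif ($daysLeft -lt $MinDaysValid)     { $problems += "expires in $daysLeft days" }
        if ($status -and $status -ne 'Valid')    { $problems += "status is $status" }
        if ($Certificate.HasPrivateKey -eq $false) { $problems += 'no private key on this server' }

        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            Subject    = $Certificate.Subject
            DaysLeft   = $daysLeft
            Problems   = $problems
            Ok         = ($problems.Count -eq 0)
        }
    }
}

# Constructed sample shaped like the step 1 output: IMAP and POP are not linked.
$sample = [pscustomobject]@{
    Thumbprint    = '<NEW_CERT_THUMBPRINT>'   # placeholder
    Subject       = 'CN=mymail.exchangeserver.com'
    Services      = 'IIS, SMTP'
    NotBefore     = [datetime]'2023-03-26T11:00:00'
    NotAfter      = [datetime]'2024-04-24T09:59:59'
    Status        = 'Valid'
    HasPrivateKey = $true
}
$sample | Test-ExchangeCertBinding -Now ([datetime]'2023-04-01')
# On the server: Get-ExchangeCertificate -Thumbprint <thumbprint> | Test-ExchangeCertBinding
```

If Problems lists missing services, rerun the Enable-ExchangeCertificate command from step 6 or link the services in the Exchange Admin Center.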
