Previously, we generated the CSR in Exchange Management Shell and utilized it to activate the certificate. Once the certificate is issued, you can download the files from your 1Byte account. The file format used for Windows is .p7b. Exchange requires the .cer file, so you can easily rename your .p7b file to .cer as long as they belong to the same certificate format.
How to Install SSL Certificate in Exchange 2013 Shell
Ensure to save the files on your computer for installation.
Step 1
To install the certificate, open Exchange Shell and type the following command:
Import-ExchangeCertificate –FileData ([byte []]$(Get-Content –Path “path_to_certificate.cer” –Encoding Byte –ReadCount 0))
If everything is entered correctly, the system will display the Thumbprint of the certificate and its details (common name, organizational unit, etc.).
In our example, the certificate file was saved on the disc C://, folder “certs”.
In the next step, it is necessary to assign the certificate to the Exchange services. The command is as follows:
Get-ExchangeCertificate –ThumbPrint | Enable-ExchangeCertificate –Services IIS,SMTP,IMAP,POP
Step 2
The thumbprint used here is the sequence of digits displayed by the system in the previous step. You can also find the thumbprint by decoding your certificate, which can be done in one of two ways:
- Use the .crt file from the zip folder you have downloaded from your account. Go to this decoder, paste the content of the .crt file in and look for the “SHA1 Fingerprint” field. Note: you would need to delete the colons (:) from the fingerprint before using it in your Shell.
- Use the .p7b file from the zip folder. The decoder will show a message that the certificate is in PKCS#7 format and display the PEM certificate on the page. You will need to copy and decode the PEM certificate with the —–BEGIN CERTIFICATE—– header and use the digits from the “SHA1 Fingerprint” field.
After you type the command and click Enter, the system will ask if the current installed certificate should be overwritten. This happens if it is the first trusted certificate which will overwrite the default self-signed certificate, or if you have reissued/renewed your certificate. Confirm that the certificate should be overwritten.
The certificate is now installed on the server and assigned to the necessary services. To confirm that it has installed correctly, connect to your server in the browser using the URL of your domain and check the certificate details.