How to work with Exchange and Certificates
There are several ways to obtain a certificate that is installed and operational on Exchange 2007. Your choice of method depends on your needs. Exchange 2007 generates a set of self-signed certificates to enable the default configuration to be secured. This should be renewed over time to help ensure security of the system. Exchange does not automatically generate requests for signing by certificate authorities. Whether you want to create a new self-signed certificate or a certificate request for a certification authority, both methods use the same cmdlet.
This section provides an overview of the operations that you can perform on certificates that are used by Exchange 2007. Read this section if you are not familiar with the ExchangeCertificate cmdlets. Application-specific examples and procedures are provided later in this document, using POP3 as an example. This section also provides links to application-specific documentation.
In earlier versions of Exchange Server, all certificate management was done through IIS and Certificate Manager in MMC. In Exchange 2007, you perform most certificate management tasks that relate to Exchange by using the following ExchangeCertificate cmdlets with the Exchange Management Shell:
- New-ExchangeCertificate This cmdlet generates self-signed certificates and certificate requests for certification authorities.
- Import-ExchangeCertificate This cmdlet imports certificates that have been previously exported and imports certificate files generated by CAs.
- Export-ExchangeCertificate The cmdlet exports certificates for backup or for use on multiple servers.
- Enable-ExchangeCertificate This cmdlet enables specific services on a certificate.
- Get-ExchangeCertificate This cmdlet displays the attributes of a certificate.
- Remove-ExchangeCertificate This cmdlet removes certificates from Exchange Server and the local certificate store.
For more information about how to create certificate requests for certification authorities, see Creating a Certificate or Certificate Request for TLS.
The following sections provide short examples to illustrate how you can use the ExchangeCertificate cmdlets to perform common certificate tasks. For more information and examples, see the ExchangeCertificate cmdlet Help under Global Cmdlets.