Installation Instructions for Microsoft Exchange 2007

Solution ID:    SO14293    Updated:    05/27/2014


This document provides instructions for installing an SSL certificate on Microsoft Exchange 2007. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft.
This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.
Method 2 (recommended): Installing the certificate downloaded from the RapidSSL User Portal.
Method 1: Download and Install SSL certificate sent via e-mail

Step 1: Obtain the SSL certificate sent via email:

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file
           using Vi or Notepad.

           The text file should look like:

            -----BEGIN CERTIFICATE-----

                     [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.
    4.    Save the certificate filename with the .cer extension. For example: public.cer

Step 2: Download and Install the Intermediate CAs:

          To download and install the Intermediate CAs follow the steps from this link: SO16588

Step 3: Install the SSL certificate:
          To proceed with the installation steps for your SSL certificate click here
Step 1: Download the SSL certificate from RapidSSL User Portal:

           Note: Download the certificate from the RapidSSL User Portal by
           following the steps from this link: SO16222

           Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b.

Step 2: Install Certificate

To install the SSL certificate into a Microsoft Exchange 2007 server, you will need to use the Exchange
Management Shell (EMS). 

    1.    Copy the SSL certificate file, for example newcert.p7b and save it to
           C:\ on your Exchange server.
    2.    Open the EMS: Click Start > Programs > Microsoft Exchange Server 2007> EMS.
    3.    Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together
           (both commands are run on the same line, separated by a pipe character).

           Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services
           "SMTP, IMAP, POP, IIS" 

           Note: The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP.
           To disable a certificate, set the Services parameter to 'None'. For more information regarding
           the Exchange commands, refer to this Microsoft Knowledge base article.
    4.    Verify that the certificate is enabled by running the Get-ExchangeCertificate command.

           C:\> Get-ExchangeCertificate -DomainName


    5.    In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).

           Note: If the certificate is not properly enabled, re-run the Enable-ExchangeCertificate
           command by pasting the thumbprint of the certificate as the -ThumbPrint argument such as:

            Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"

    6.    Test the certificate by connecting to the server with Internet Explorer, ActiveSync, or Outlook.  
            You may also use the RapidSSL Installation Checker

 If using ISA 2004 or ISA 2006, a reboot is recommended. It has been reported that ISA
            services won't send the intermediate certificate until after a reboot.


             For more information regarding the Exchange Management Shell, refer to Microsoft Support

Legacy ID


Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips