This document provides instructions for installing an SSL certificate on Microsoft Exchange 2007. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft.
|This solution contains two Methods to install your SSL Certificate:
Method 1: Installing the certificate received via e-mail.
Method 2 (recommended): Installing the certificate downloaded from the RapidSSL User Portal.
Method 1: Download and Install SSL certificate sent via e-mail
Step 1: Obtain the SSL certificate sent via email:
1. The RapidSSL certificate will be sent by email.
2. Copy the certificate imbedded in the body of the email and paste it into a text file
using Vi or Notepad.
The text file should look like:
3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
that no white spaces, extra line breaks or additional characters have been inadvertently added.
4. Save the certificate filename with the .cer extension. For example: public.cer
Step 2: Download and Install the Intermediate CAs:
To download and install the Intermediate CAs follow the steps from this link: SO16588
Note: Download the certificate from the RapidSSL User Portal by
following the steps from this link: SO16222
Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b.
To install the SSL certificate into a Microsoft Exchange 2007 server, you will need to use the Exchange
Management Shell (EMS).
1. Copy the SSL certificate file, for example newcert.p7b and save it to
C:\ on your Exchange server.
2. Open the EMS: Click Start > Programs > Microsoft Exchange Server 2007> EMS.
3. Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together
(both commands are run on the same line, separated by a pipe character).
Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services
"SMTP, IMAP, POP, IIS"
Note: The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP.
To disable a certificate, set the Services parameter to 'None'. For more information regarding
the Exchange commands, refer to this Microsoft Knowledge base article.
4. Verify that the certificate is enabled by running the Get-ExchangeCertificate command.
C:\> Get-ExchangeCertificate -DomainName your.domain.name
5. In the Services column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).
Note: If the certificate is not properly enabled, re-run the Enable-ExchangeCertificate
command by pasting the thumbprint of the certificate as the -ThumbPrint argument such as:
Enable-ExchangeCertificate -ThumbPrint [paste] -Services "SMTP, IMAP, POP, IIS"
6. Test the certificate by connecting to the server with Internet Explorer, ActiveSync, or Outlook.
You may also use the RapidSSL Installation Checker
Note: If using ISA 2004 or ISA 2006, a reboot is recommended. It has been reported that ISA
services won't send the intermediate certificate until after a reboot.
For more information regarding the Exchange Management Shell, refer to Microsoft Support