none
Export Exchange 2007 Certificate from one Server to Another & Demote Old Server RRS feed

  • Question

  • Afternoon all

    I am trying to work out the best method for this secenario i have.

    I have two DC's both with exchange 2007 on (i am aware this is not best practice but this is the setup the client already has) and im wanting to get rid of one.

    The DC i want to get rid of holds the exchange certificates for authentication with the clients, and i have found which exact certificate this is. It's a self signed certificate and i have looked into exporting this certificate from this server and importing into the server i wish to keep.

    Not knowing much knowledge on this, i thought if i export the certificate from the old server into the new then turn it off, its not going to work anyway? is it worth me creating a new certificate on the server im keeping and setting up the clients to point to this? If this is the case does anyone have a guide on how i would go about doing this?

    Both servers are Server 2008 with Exchange 2007.

    Regards

    Mike

    Thursday, June 30, 2016 1:10 PM

Answers

  • Hi,

    You may export the certificate as follows

    1. Open Exchange Management Shell and type

    $pwd= Read-Host "Enter Password" -AsSecureString

    2. Enter any password

    3. Type the following with the thumbprint of the certificate you identified

    Export-ExchangeCertificate -Thumbprint "Thumbprintof the certificate" -Password $pwd -Path c:\cert.pfx

    4. It will export the certificate in the path c:\cert.pfx

    5. Use it in new server

    If you wanted to use a new certificate there, that is also simple.

    1. Type the cmdlet in new server

    New-ExchangeCertificate

    2. Note the thumbprint of the certificate

    3. Type as follows with all the services required (POP,IMAP,SMTP,IIS)

    Enable-ExchangeCertificate – Thumbprint “Thumbprint” –Services IIS’


    Regards From: Exchange Online | Windows Administrator's Area

    Thursday, June 30, 2016 1:28 PM
  • Hi Mike,

    Welcome to our forum.

    When you install every Exchange, it will generate a self-signed certificate, it means two Exchange servers have own self-signed certificate, we need not to export and import self-signed certificate. If you use third party certificate, please refer to ManU’s suggestion to export and import Exchange server, it will not be any effects when demote old server.

    In addition, we suggest you don’t install Exchange on domain controller.

    Best Regard,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Friday, July 1, 2016 2:54 AM
    Moderator

All replies

  • Hi,

    You may export the certificate as follows

    1. Open Exchange Management Shell and type

    $pwd= Read-Host "Enter Password" -AsSecureString

    2. Enter any password

    3. Type the following with the thumbprint of the certificate you identified

    Export-ExchangeCertificate -Thumbprint "Thumbprintof the certificate" -Password $pwd -Path c:\cert.pfx

    4. It will export the certificate in the path c:\cert.pfx

    5. Use it in new server

    If you wanted to use a new certificate there, that is also simple.

    1. Type the cmdlet in new server

    New-ExchangeCertificate

    2. Note the thumbprint of the certificate

    3. Type as follows with all the services required (POP,IMAP,SMTP,IIS)

    Enable-ExchangeCertificate – Thumbprint “Thumbprint” –Services IIS’


    Regards From: Exchange Online | Windows Administrator's Area

    Thursday, June 30, 2016 1:28 PM
  • Hi Mike,

    Welcome to our forum.

    When you install every Exchange, it will generate a self-signed certificate, it means two Exchange servers have own self-signed certificate, we need not to export and import self-signed certificate. If you use third party certificate, please refer to ManU’s suggestion to export and import Exchange server, it will not be any effects when demote old server.

    In addition, we suggest you don’t install Exchange on domain controller.

    Best Regard,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Friday, July 1, 2016 2:54 AM
    Moderator