Export the certificate in Exchange Server

We like to export the certificate to Exchange Server and import the certificate into the newly installed Exchange Server. It’s crucial to install an SSL certificate on the Exchange Server to secure the connections between the server and clients. 

how to export certificates in Exchange Server with PowerShell and Exchange Admin Center.

Create shared folder

Sign in to the Exchange Server. This can be the new Exchange Server or one that is already installed and configured. Create a folder on the (C:) drive and give it the name Certs. Right-click the Certs folder and share this folder.

Assign permissions to the folder:

• Your account (administrator) – Permissions Change/Read Allow
• SYSTEM – Permissions Change/Read Allow

Browse to the shared Cert folder path and verify that you can open the folder before proceeding to the next step.

Export Exchange certificate

Starting from Exchange Server 2016 CU23 and later and Exchange Server 2019 CU12 and later, the only option to export the Exchange certificate is with PowerShell (Exchange Management Shell).

Note: To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later). 

Export Exchange certificate with PowerShell

Run Exchange Management Shell as administrator. Next, run the below two commands to export the certificate.

$cert = Export-ExchangeCertificate -Thumbprint 'E0BDD1F47CA74B3FC3E6D84DD4AF86C1E7141DC9' -BinaryEncoded -Password (ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force)
[System.IO.File]::WriteAllBytes('\\ex01-2016\Certs\ExchangeCert.pfx', $cert.FileData)

Export Exchange certificate from Exchange Admin Center

Suppose you have Exchange Server which is not running Exchange Server 2016 CU23 and later or Exchange Server 2019 CU12 and later, you can export the certificate from Exchange Admin Center.

Sign in to Exchange Admin Center. Click servers in the feature pane and click certificates in the tabs. Select the Exchange Server. Click on the Exchange certificate that you want to export.

Click in the toolbar on … (More options) and select Export Exchange Certificate.

Place the path you created in the first step and add a name for the certificate, including .pfx file name extension. In our example, it’s \\EX01-2016\certs\ExchangeCert.pfx. Protect the certificate with a password and click OK.

Verify Exchange certificate export

Browse to the path and verify that the Exchange certificate is exported with success.

That’s it. Did this help you to export the Exchange certificate?

Conclusion

You learned how to export certificates in Exchange Server. Create a shared folder and assign permissions before you start to export the certificate with PowerShell or with the export wizard in Exchange Admin Center.

Remember that in the latest Exchange Server versions, the export certificate functionality in Exchange Admin Center is removed and the only way to export the Exchange certificate is with PowerShell.