Thursday, August 19, 2010

Import and Export Certificate Exchange 2010

Here is the scenario , we are doing migration from Exchange 2003 to Exchange 2010. We have existing certificate called and we wish to move this over to Exchange 2010. 

I think this will be pretty common thing in these type of migrations. One thing I found out supper easy is not to kill yourself to try to share  the existing  cert and the URL being used to access the webmail. For instance if you are using =Valid Cert = Exchange-2003 Server

And as soon as you moved first user on Exchange 2010 , accessing Existing  URL wont work for the user on Exchange 2010.  Here is what I have done couple times to get around this type of issues and make migration pretty seamless to end users (-: …..

I purchased new cert ( GoDady fro $10 bucks) and called it Valid Cert=Exchange 2010


I configured this cert on the E210 server and told costumer everyone who gets migrated on E210 will use this link to access their webmail. This made my job supper easy and at the end of the migration I export the cert from E03 imported into E210 and done with migration.Wink

  • STEP 1:  Export Certificate and Private Key from the IIS 6.0 server

    Create an MMC Snap-in for Managing Certificates:

    1. Start > run > MMC
  • Go into the Console Tab > File > Add/Remove Snap-in
  • Click on Add > Click on Certificates and click on Add
  • Choose Computer Account
  • Choose Local Computer
  • Close the Add Standalone Snap-in window.
  • Click on OK at the Add/Remove Snap-in window



  • Open Certificates Console Tree
  • Go to Personal
  • Right click Certificates
  • Choose ALL TASKS
  • Select Import to start the Certificate Import Wizard
  • Click Browse
  • Locate the .pfx file
  • Click Open
  • Next
  • Finish



After this is completed rest of the work is supper easy go to EMC and drill down to server configuration , you will see the certificate there , just assign services to this certificate to finish the work







Resource Links

Oz Casey, Dedeal
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog (Blog) (Blog)


stealthbits said...

Hello Friends,

During an Exchange 2003 to 2010 transition a legacy namespace is configured for users who are connecting to Exchange 2003 mailboxes. The Exchange Server 2010 SSL certificate includes the legacy name in its Subject Alternative Name field, but this certificate then needs to also be installed on the Exchange 2003 server. Thank you....
Server Auditing Tools

Adi said...


Tee Chess said...

Will the previous certificate work if we migrate to upper version ? The scenario that you have shared made me to think and confused me. You have cleared the doubt in a very easy way. Thanks.
electronic signature FAQ

banlin mithra said...

I too got the same doubt @ Tee Chess.

Exchange Migration

Digital Signature Certificate said...

Thanks for sharing great your information with us. We all like it..