Install an SSL certificate on Exchange 2007

The Microsoft Exchange mail server is renewed approximately every three years: Exchange 2000, 2003, 2007, 2010, 2013, 2016. Of course, it is advisable to use the latest version but it is not easy to migrate a production server as sensitive as the one that manages emails in the company.

The use of a cluster that includes several Exchange is not easier to update, which is why many organizations are still running Exchange 2010 or even 2007, although official Microsoft support is complete on this version of the server operating system. And since it is necessary to continue to protect flows, the installation of a certificate SSL is always available on Internet Information Services (IIS ) to secure Exchange or a website.

This tutorial describes how to install a (new) certificate SSL for Exchange 2007 on a Windows Server with IIS . Of course, the procedure is almost equivalent with other versions of Microsoft Exchange.

Microsoft Exchange 2007: setting up a certificate SSL / TLS

1. Once the certificate has been downloaded to the Symantec, Digicert, GoDaddy or other account, copy the files (p7b, pxf…) to the Microsoft Exchange server’s hard disk.

2. Start Exchange Management Shell (Start menu, Programs, Microsoft Exchange Server 2007).

3. Copy and paste this command by adapting the path and filename:

Import-ExchangeCertificate -Path C:\certificatssl.p7b | Enable-ExchangeCertificate -Services “.SMTP , IMAP , POP , IIS ” 

Also adapt the services on which to install the new certificate SSL depending on the use made of this Exchange server.

4. Once the order is executed, the certificate is in place. Check that it is taken into account by another PowerShell command:

  Get-ExchangeCertificate -DomainName 

By modifying the domain name (after DomainName).

tutoriel ssl exchange powershell

5. The Services column shows what has been configured:

  • S : SMTP
  • I : IMAP
  • P : POP 3
  • W: Web (IIS )


If the certificate is not correctly installed, the Enable-ExchangeCertificate command can be restarted by indicating the thumbprint of the certificate, which can be found in the details of the certificate file.

  Enable-ExchangeCertificate -ThumbPrint [empreinte]  Services " - ServicesSMTP , IMAP , POP , IIS " 

Where [empreinte] is the long series of numbers and letters, without spaces.

Test the certificate SSL / TLS

You can use a service like Symantec CryptoReport to validate the new certificate SSL / TLS :

certificat ssl tls