Generate and import commands differences between exchange 2007 & 2010

During a project of my work. When I were installing an Exchange 2010 server. Used I a manual which some colleagues of my made. But during this installation and at the point of the certificate installation and generation I figured out that they used the Exchange 2007 powershell commands instead of the also available Exchange 2010 commands. Below I have written down the differences between these to powershell versions / commands to generate and import a new certificate.

The explanation is written below.

How to generate a certificate difference.

Exchange 2007 command to generate certificate

New-ExchangeCertificate -DomainName autodiscover.<domain name>, <server FQDN name> -Force -FriendlyName <server name> -GenerateRequest:$True -Keysize 2048 -Path c:\<certificate file name> -privatekeyExportable:$true -SubjectName “C=NL, O=< Your Organization >., L=Berkel-Enschot, S=NB, CN=webmail.<domain name>”

Exchange 2010 command to generate certificate

Set-Content -path “C:\<certificate name>” -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName “c=NL, s=NB, l=Berkel-Enschot, o=<Your Organization, ou=IT, cn=<domain name>” -DomainName <local FQDN servername >, autodiscover.<domain name>, webmail.<domain name> -PrivateKeyExportable $True)

Different ways to Import Certificates

Exchange manager shell 2007 command

Import-ExchangeCertificate -Path c:\<certificate-id>.crt | Enable-ExchangeCertificate -Services “POP, IMAP, IIS, SMTP”

Exchange manager shell 2010 commands

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\<certificate-id>.crt  -Encoding byte -ReadCount 0))

Enable-ExchangeCertificate <thumbprint-number> -Services “POP, IMAP, IIS, SMTP”

Get-ExchangeCertificate ( check for thumbprint )

To check if the certificate is changed in IIS7 on Windows server 2008 R2. You will have to go to the properties of IIS 7.


=> on Main level ( you will find server certificates, you can check here the installed certificates. )
=> at default web sites
=> you have to look at bindings and there  you can see which certificate is in use.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s