No announcement yet.

Certificate for Exchange pfx/crt/cer

  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate for Exchange pfx/crt/cer

    Good morning!

    I'm trying to get an SSL certificate for Exchange to secure OWA and OA.

    After going through and following this tutorial:
    i find myself with a certificate from certificates for exchange, but it's in the format of a crt.

    Is this the right format? The tutorial mentions a pfx, which was not included in the zip file I received.
    Can a .crt certificate be imported into exchange?
    Does it include the private key?
    What are the differences between crt/cer/pfx files?

    Thank you for your help!

  • #2
    Re: Certificate for Exchange pfx/crt/cer


    It's fine, you can simply import it as a CER, CRT or PFX via the command line. I usually get crt's back from my supplier, pfx is a format you can export from IIS.

    Import-ExchangeCertificate -Path c:\cert.crt | Enable-ExchangeCertificate -Services IIS, POP, IMAP

    If this comes up with an error about a private key , you need to repair the certificate store. Right click the certificate in IIS, find its serial number and paste it in to replace the X's i nthe following command, run that command in DOS.

    certutil -repairstore my "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" my

    Hope this helps.

    You can view certificates by running mmc, add certificates to the templates, view "computer account" certificates, and then see the list,t here will be an exchange self generated certificate and the new one you have imported. Make sure its got a gold coloured key next to it


    • #3
      Re: Certificate for Exchange pfx/crt/cer

      CRTs can be imported though the gui if you want. Just change the file type to all. Everything will work. Make sure you know where you are putting your certificates!


      • #4
        Re: Certificate for Exchange pfx/crt/cer

        Thanks for the replies guys.

        I had been confused as it was my understand at the time that as a pfx includes the private key, i thought I needed that. I understand now that as the csr was generated using the exchange servers private key, i only needed the crt.

        I have imported the certificate using the rest of the steps and all seems well.

        Thanks for your help!