AITEC Wiki

Assigner les services exchange a un certificat

Assign Services to a Certificate with PowerShell

To assign services using PowerShell, we will need to capture the thumbprint of our new certificate. To do this, we will need to first run the Get-ExchangeCertficate command.

 C:\> Get-ExchangeCertificate | Format-Table Subject, Thumbprint

Subject                        Thumbprint
-------                        ----------
CN=mail.exchangeservergeek.com B26C3C9B30A2A7371767275043816466CB921738
CN=EX19-01                     C232F4D642F74B9DC7E4ED33D4AB56E68C10CA76
CN=Microsoft Exchange Serve... 411A27BA64FD140523E4D1CF088589C228CA9C5E
CN=WMSvc-SHA2-EX19-01          D894B092E2ABE925E7104A0C9DFF6C448182CA30

From the example above, we can see the thumbprint for mail.exchangeservergeek.com is B26C3C9B30A2A7371767275043816466CB921738. Now that we have our thumbprint, we can use the Enable-ExchangeCertificate command.

 C:\> Enable-ExchangeCertificate -Server EX19-01 -Thumbprint B26C3C9B30A2A7371767275043816466CB921738 -Services IIS,SMTP

In this command:

  • Server specifies which server you want the action performed against. If you omit this parameter, the action is performed against the server where PowerShell is connected.
  • Thumbprint specifies the certificate to configure via its thumbprint
  • Services define which components you want to use the certificate with (e.g. IIS, SMTP, POP, IMAP, etc.)

If you specified SMTP as a service to add to the new certificate, you will be prompted on whether to overwrite the existing default SMTP certificate. Enter Y and press Enter.

Overwrite the existing default SMTP certificate?
Current certificate: '5FA62F11B524678090B752F48E207DEC3A0DFF46'
Replace it with certificate: 'B26C3C9B30A2A7371767275043816466CB921738'
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is Y): Y

To verify the services have been assigned, run the Get-ExchangeCertificate command.

 C:\> Get-ExchangeCertificate | Format-Table Subject, Services

Subject                                                   Services
-------                                                   --------
CN=mail.exchangeservergeek.com                           IIS, SMTP
CN=EX19-01                                               IIS, SMTP
CN=Microsoft Exchange Server Auth Certificate                 SMTP
CN=WMSvc-SHA2-EX19-01                                         None

The services column indicates what services are currently assigned to the certificate. In the example above, IIS and SMTP have been assigned to the mail.exchangeservergeek.com certificate. Other possibilities include POP, IMAP, and Federation. For Exchange 2016, Unified Messaging is an additional option (no longer supported in Exchange 2019).

François

0
Quick Links