As you probably know, Exchange 2007 certificate management was done in PowerShell. Luckily, we have some tools available to help us build the PowerShell commands that generate certificates.
Exchange 2010 allows you to manage certificates not only via PowerShell but also via the GUI.
See the following article for Certificates via the GUI
This article discusses the differences in PowerShell certificate creation between Exchange 2007 and Exchange 2010.
DigiCert has a great tool for generating the PowerShell script required to generate a certificate.
Let’s create a certificate in Exchange 2010 Exchange Management Shell
A positional parameter cannot be found that accepts argument '-Path'.
+ CategoryInfo : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
The PowerShell command fails! What is happening?
Well, the parameters for New-ExchangeCertificate have changed. The “-Path” parameter has been removed from the parameter list.
Check the TechNet page: New-ExchangeCertificate (Exchange 2010 Help)
DigiCert now has a new Exchange 2010 CSR Command Wizard.
Let’s run this new command in the Exchange 2010 Command Shell
That works fine, but no file is created. We could copy and paste the certificate information from the prompt into a text file and hope that the formatting is OK.
The Exchange 2010 New-ExchangeCertificate help on TechNet explains that we have to do this in two steps. First a certificate request must be created (like the screenshot), and then this information must be saved into a file.
So let’s do this:
First we need to create the certificate request and save its output into a variable ($Data in this case):
$Data = New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=BE, s=Brussels, l=Brussels, o=Johan Delimon, ou=Pro-Exchange, cn=www.pro-exchange.be" -DomainName www.pro-exchange.be, mail.pro-exchange.be, autodiscover.pro-exchange.be -PrivateKeyExportable $True
Then we must save this content to a file:
Set-Content -path "c:\www_pro-exchange_be.req" -Value $Data
The same result can be accomplished from a single command like this:
Set-Content -path "c:\www_pro-exchange_be.req" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=BE, s=Brussels, l=Brussels, o=Johan Delimon, ou=Pro-Exchange, cn=www.pro-exchange.be" -DomainName www.pro-exchange.be, mail.pro-exchange.be, autodiscover.pro-exchange.be -PrivateKeyExportable $True)
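Rather than hoping the formatting is OK, the saved file can be checked before it is sent to the CA. The following is an added example, not part of the original article or of the TechNet or DigiCert material; the function name Test-CsrFile is hypothetical, and it assumes the request was saved as Base64 text as in the commands above and that certutil.exe is available on the server.

```powershell
# Added example: validate the saved request file before submitting it to a CA.
# Test-CsrFile is a hypothetical helper name, not an Exchange cmdlet.
function Test-CsrFile {
    param([string]$Path)

    # Read the file line by line and ignore empty lines
    $lines = @(Get-Content -Path $Path | Where-Object { $_.Trim() -ne '' })
    if ($lines.Count -lt 3) { return $false }

    # First and last line must be the PKCS#10 request markers
    if ($lines[0].Trim()  -notmatch '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$') { return $false }
    if ($lines[-1].Trim() -notmatch '^-----END (NEW )?CERTIFICATE REQUEST-----$')   { return $false }

    # Everything in between must decode as Base64
    $body = ($lines[1..($lines.Count - 2)] | ForEach-Object { $_.Trim() }) -join ''
    try   { $der = [Convert]::FromBase64String($body) }
    catch { return $false }

    # A DER-encoded request starts with an ASN.1 SEQUENCE tag (0x30)
    return ($der.Length -gt 0 -and $der[0] -eq 0x30)
}

$req = "c:\www_pro-exchange_be.req"

# Same two steps as in the article: generate the request, then write it to disk
$Data = New-ExchangeCertificate -GenerateRequest -KeySize 2048 `
    -SubjectName "c=BE, s=Brussels, l=Brussels, o=Johan Delimon, ou=Pro-Exchange, cn=www.pro-exchange.be" `
    -DomainName www.pro-exchange.be, mail.pro-exchange.be, autodiscover.pro-exchange.be `
    -PrivateKeyExportable $True
Set-Content -Path $req -Value $Data

if (-not (Test-CsrFile -Path $req)) {
    throw "The file $req is not a well-formed Base64 certificate request."
}

# Decode the request so the subject, key size and alternative names
# can be reviewed before the file is submitted
certutil -dump $req
```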
Importing certificates is quite similar and also takes a two-step approach.
Check the TechNet page: Import-ExchangeCertificate (Exchange 2010 Help)
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\www_pro-exchange_be.cer -Encoding byte -ReadCount 0))