Exporting and Importing Exchange Server 2016 SSL Certificates
When you migrate to a newer Exchange Server or rebuild an Exchange server from scratch, you need to install the server certificates to secure the communications. You also need to install a new Client Access Server (CAS) in your environment with a clustered setup. You would still need to export the certificate from the current server and install it in the new.
In an Exchange Server setup, it is strongly recommended not to rely on the self-signed certificates and always have a certificate from a known certificate authority. When the migration is complete or you added another Exchange Server in your environment, all the configurations are transferred, except the certificates. This would need to be manually done.
In this article, we will be going through the process of exporting certificates from a server and import them accordingly into the additional or new server in your environment.
Steps to export the certificates from a server and import them into new/another server:
· Open the Exchange Admin Center (EAC) and enter your administrative account.
· Click Sign in.
· Click on Servers.
· Click on Certificates.
· Click on the certificate to export.
· Click on the more options button (with three dots).
· Click on Export Exchange Certificate.
· Once you click on the button, you will be prompted to give the location to save the certificate and the password assigned to the export. This password will be used on the destination server to import the certificate. It’s not a requirement but it is strongly suggested to setup a password.
· You will also notice the bubble next to the destination location.
· As you can see, the path cannot be a drive letter but a share. So you cannot export to D:\certficate-export. You will need to save it to a network share on the same server or file server which your user has access to. You will also need to specify the filename and the extension as PFX. Otherwise, you will get an error.
· Once ready, click OK. The file will be saved to the location specified.
· To import the certificate to another server, you will need to follow the same steps as you performed for the export but when you click on the more options, you will need to click on Import Exchange Certificate.
· You will need to specify the network path and file name of the certificate as you did in the export and enter the password.
· When all is good, click on Next.
· On the next screen, you can specify the servers to install it by clicking on the + button. If you have a cluster setup, you can import the certificate on multiple servers.
· Once ready, click on Finish.
What to do if problem arises?
There could be a problem with the certificate or an issue might occur during the import of the certificate, such as there could be a mailbox move or the certificate has expired. Even there could be issues with the Exchange Server that may prevent you to export or import certificates.
In a scenario where the server needs to be reconfigured or reinstalled, due to issues, without losing any data, it is recommended to make use of a good application to ensure that no data is lost.
In a normal scenario, you would restore the last healthy backup and try the process again. However, this means that any new data from the backup until the issue was discovered will be lost. Exchange Server doesn’t offer a way to just attach its databases to a new server. Since the databases are per version and per Exchange Server Setup, natively there is no application that can open or retrieve data from an Exchange Server database if the database or the Exchange Server is not online.
With EDB to PST converter, such as Stellar Converter for EDB, you can open multiple EDB files from any version of Exchange Server. You will be able to see all the data in an Outlook-like view and browse through all the folders, calendar, tasks, contact, and journals, with a full HTML view of the objects. You can also export mailboxes, shared mailboxes, disabled mailboxes, and public folders to PST and other formats, like EML, MSG, HTML and PDF, with ease and without having an Exchange Server installed. In cases where you had to rebuild the Exchange Server, you can directly export all the data granularly to the live Exchange Server database.
Stellar Converter for EDB also comes with some nifty features, like parallel export (for performance and speed), VIP export (which lets you export the important accounts first), and continue the export if the application is interrupted. You can also use Stellar Converter for EDB as a migration tool to migrate to Office 365 as it allows to directly export mailboxes or public folders to the Office 365 tenant.
