On a weekly basis, I perform upgrades from Exchange 201x to Office 365. Every once in a while I come upon an error, and a trick that resolves it and allows the project to proceed. Recently, during a migration from Exchange 2010 to Exchange 2016, we experienced an issue exporting the SSL certificate from Exchange 2010. Normally I can go to the Certificates MMC and export the certificate with ‘Copy to File’. However, in this migration the certificate did not have an exportable key, which prevents us from moving the certificate to Exchange 2016. The confusing part was that the key was present.
The export did not allow the private key to be exported.
Open up the Exchange 2010 Management Console. Expand the navigation pane until ‘Servers’ is visible, then click on ‘Servers’. Then, in the window to the right, right-click on the certificate you wish to export and select ‘Export Exchange Certificate’.
Then provide a path for the file as well as a password for the export.
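Alternatively, open up the Exchange Management Shell and run the following, replacing <ServerName> with the name of the Exchange 2010 server:
Get-ExchangeCertificate -Server <ServerName> | FL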
This cmdlet will provide a list of all the certificates on the server. Pick the certificate that needs to be exported from Exchange 2010 and imported into Exchange 2016.
Then run the cmdlet below, supplying the certificate's thumbprint, the server name, a password (‘string’) and the exported file name.
Export-ExchangeCertificate -Server <ServerName> -Thumbprint EC5AD6D4D50F8131C3184D2D8C0C2210362B7B96 -FileName "C:\Downloads\Domain.pfx" -BinaryEncoded -Password (ConvertTo-SecureString -String '3xch@ng31sb35t' -AsPlainText -Force)
Either of the two above options should work for your migration. With a successful export, the certificate can now be imported into Exchange 2016 and allow a migration to proceed.
That’s it. Now we have a certificate that can be imported into Exchange 2016.
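A variant of the shell export above, as an added example that is not from the original post: it prompts for the PFX password instead of typing it on the command line (where it would end up in command history and transcripts), then loads the exported file to confirm it contains the private key before it is moved to Exchange 2016. The server name is a placeholder; the thumbprint and path are the ones used above.

```powershell
# Added example, run from the Exchange Management Shell on the Exchange 2010 server.
# $Server is a placeholder; thumbprint and path are the values used in the post.
$Server     = 'EXCH2010'
$Thumbprint = 'EC5AD6D4D50F8131C3184D2D8C0C2210362B7B96'
$PfxPath    = 'C:\Downloads\Domain.pfx'

# Prompt for the password so the plain text never appears in the command itself.
$PfxPassword = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString

# Same export as above, passing the prompted SecureString.
Export-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint `
    -FileName $PfxPath -BinaryEncoded -Password $PfxPassword

# Load the exported file with the same password and inspect it.
$pfx = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $PfxPath, $PfxPassword

try {
    # The file must hold the certificate we asked for...
    if ($pfx.Thumbprint -ne $Thumbprint) {
        throw "Exported file contains $($pfx.Thumbprint), expected $Thumbprint."
    }
    # ...and it must carry the private key, or Exchange 2016 cannot use it.
    if (-not $pfx.HasPrivateKey) {
        throw "Exported PFX has no private key; it cannot be used on Exchange 2016."
    }
    "OK: {0} exported with private key, expires {1:d}" -f $pfx.Subject, $pfx.NotAfter
}
finally {
    # Release the certificate object and its key handle.
    $pfx.Reset()
}
```

The exported .pfx holds the server's private key, so delete it from C:\Downloads once it has been imported on the Exchange 2016 server.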