Microsoft Exchange Server 2007 Support

Backing up and Restoring your Entrust Unified Communications Certificate (UCC):

It is recommended that you back up your certificate and its corresponding private key in case a hardware failure or other disaster affects your Exchange Server.

To back up your certificate and private key, export them using the Export-ExchangeCertificate cmdlet. This cmdlet creates either of the following files:

  • PKCS #10 file
  • PKCS #12 file

If the thumbprint that is specified in the cmdlet points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file, also known as your Certificate Signing Request file.

If the thumbprint that is specified in the cmdlet points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file.

The thumbprint of the certificate can be displayed by using the Get-ExchangeCertificate cmdlet as shown in the Installing Certificate into Exchange 2007 document.


Exporting (backing up) your Entrust Unified Communications Certificate (UCC):

To export your certificate, use the following command, replacing <thumbprint> with the thumbprint displayed by Get-ExchangeCertificate:
Export-ExchangeCertificate -Thumbprint <thumbprint> -BinaryEncoded:$true -Path c:\certificates\mail.entrust.com.pfx -Password:(Get-Credential).password

Note:
Please store your keys and password in a secure location.

Export Parameters defined:

Export-ExchangeCertificate — Exports an existing certificate from the certificate store on the local computer

-Thumbprint — Specifies the thumbprint of the certificate that you are exporting. Each certificate contains a thumbprint, which is the digest of the certificate data.

-BinaryEncoded:$true — Specifies how the exported file will be encoded. By default, this cmdlet creates a Base64-encoded file. To create a DER-encoded file, set this parameter to $true.

-Path — Specifies a path of the resulting PKCS #10 file or PKCS #12 file. You must specify the name of the file when you use this parameter. For PKCS #10 (certificate request), the extension must be .req. For PKCS #12 (certificate), the extension must be .pfx or .p12. The following code shows examples of a PKCS #10 file or PKCS #12 file respectively:

-Password — Specifies the password for the key that will be exported with this command. Use the Get-Credential cmdlet to store the password variable.

The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. See the example for implementation details.
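
The following is an added example, not part of Entrust's original instructions: it wraps the export command above in a function that re-opens the resulting .pfx to confirm the backup contains the private key and matches the installed certificate, then restricts the file's permissions. The function name Backup-UccCertificate and the choice of Administrators and SYSTEM as the only permitted accounts are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# Backup-UccCertificate is a hypothetical helper name, not an Exchange cmdlet.
function Backup-UccCertificate {
    param(
        [string]$Thumbprint,   # value displayed by Get-ExchangeCertificate
        [string]$Path          # full path ending in .pfx or .p12
    )

    # Stop early if the thumbprint does not resolve to an installed certificate.
    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    if (-not $cert) { throw "No certificate found with thumbprint $Thumbprint" }

    # Prompt once; only the password field is used, the user name is ignored.
    $password = (Get-Credential).Password

    Export-ExchangeCertificate -Thumbprint $Thumbprint -BinaryEncoded:$true `
        -Path $Path -Password:$password | Out-Null

    # Re-open the file with the same password. A backup that cannot be opened,
    # or that lacks the private key, is useless after a hardware failure.
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $Path, $password
    $hasKey   = $pfx.HasPrivateKey
    $sameCert = ($pfx.Thumbprint -eq $cert.Thumbprint)
    $pfx.Reset()   # release the key material loaded for the check
    if (-not $hasKey)   { throw "$Path does not contain a private key" }
    if (-not $sameCert) { throw "$Path does not match thumbprint $Thumbprint" }

    # Remove inherited permissions and grant access explicitly
    # (assumed policy: local Administrators and SYSTEM only).
    $acl = Get-Acl $Path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $id, 'FullControl', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl

    Get-Item $Path   # return the verified backup file
}

# Usage (replace <thumbprint> with your certificate's thumbprint):
# Backup-UccCertificate -Thumbprint '<thumbprint>' -Path 'c:\certificates\mail.entrust.com.pfx'
```

The permissions only protect the copy on this server; the .pfx still needs to be moved to separate storage, and the password kept apart from the file.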


Restoring (importing) your Entrust Unified Communications Certificate (UCC) and private key:

To restore or import your certificate and private key, use the Import-ExchangeCertificate cmdlet. You will need the password that was used in the Backup/Export procedure.

Import-ExchangeCertificate -Path c:\certificates\mail.entrust.com.pfx -Password:(Get-Credential).password

You will be prompted for a username and password. The username is not important, but the password must be the same password that was used in the Backup/Export procedure.

Import Parameters defined:

Import-ExchangeCertificate — Imports a certificate or chain of certificates that have been issued from a certification authority. It is also used to import an existing certificate and private key from a PKCS #12 (.pfx or .p12) file to the certificate store on the local computer.