Home Β» Exchange Server Β» PowerShell Script to Generate Exchange Server SSL Certificate Report

PowerShell Script to Generate Exchange Server SSL Certificate Report

In Exchange Server 2007 the Get-ExchangeCertificate cmdlet only allowed us to view the local server’s certificates. But in Exchange Server 2010 Get-ExchangeCertificate has a -Server parameter that allows us to view certificates on remote servers as well.

This means we can run a PowerShell script to collect information about the SSL certificates on all of our Exchange servers, which is useful during Exchange 2013 migration planning.

This script, Get-ExchangeCertificateReport.ps1, is executed from the Exchange Management Shell and produces a HTML report in the same folder where the script is run from.


This script can be downloaded from the TechNet Script Gallery or Github. Feedback and questions are welcome in the comments below.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server


  1. Jacolex says:

    Found one error:
    $certObj | Add-Member NoteProperty -Name “SMTP” -Value $smpt
    should be:
    $certObj | Add-Member NoteProperty -Name “SMTP” -Value $smtp

  2. Hi everyone, sorry about the 404 errors. Some time in the last few days the download system has broken. I’ve replaced the link now with one that should work. Please let me know if you continue to have download problems.

  3. Nic says:

    Hi Paul,

    I ran the script CertificateReport.ps1 but it did not give me the output at all. What did i do wroong. Please replied.

  4. Nic says:

    —- —–
    CLRVersion 2.0.50727.5485
    BuildVersion 6.1.7601.17514
    PSVersion 2.0
    WSManStackVersion 2.0
    PSCompatibleVersions {1.0, 2.0}
    PSRemotingProtocolVersion 2.1

    -I running from desktop right now and planing to automate.
    .CertificateReport.ps1<<<this how i ran

  5. Eddie says:

    What needs to be adjusted to make this work in Exchange 2013?

    Server: SR-xxxxx (Mailbox, ClientAccess)
    Starting a command on the remote server failed with the following error message : The I/O operation has been aborted be
    cause of either a thread exit or an application request. For more information, see the about_Remote_Troubleshooting Hel
    p topic.
    + CategoryInfo : OperationStopped: (sr-xxxxx.domain.lan:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : JobFailure
    + PSComputerName : sr-xxxxx.domain.lan

  6. Rob Hupf says:

    Would it be difficult to have an option to sort the report by expiration date, so that the ones expiring soonest would be at the top of the report? I’m futzing with it now, but so far no luck.

Leave a Reply

Your email address will not be published. Required fields are marked *