During an Exchange 2003 to 2010 transition a legacy namespace is configured for users who are connecting to Exchange 2003 mailboxes. The Exchange Server 2010 SSL certificate includes the legacy name in its Subject Alternative Name (SAN) field, but this certificate then needs to also be installed on the Exchange 2003 server.
Export the Certificate from Exchange Server 2010
To export the certificate from Exchange Server 2010 launch the Exchange Management Shell and run the following commands.
First determine the thumbprint of the SAN certificate that is installed.
Thumbprint Services Subject
---------- -------- -------
E8D129180C1334D50DBE17A26795BEE0A0AEA9B3 ...WS. CN=mail.contoso.local, OU=IT Dept, O=Contoso Pty Ltd, L=Brisban...
C5C2B0F04397D1C2C2C9834C48B268EA53F835B4 IP..S. CN=ex2010
In this example the thumbprint is “E8D129180C1334D50DBE17A26795BEE0A0AEA9B3”.
Next export the certificate to a file by running the following command.
$file = Export-ExchangeCertificate -Thumbprint E8D129180C1334D50DBE17A26795BEE0A0AEA9B3 -BinaryEncoded:$true -Password (Get-Credential).password
A popup dialog appears for you to enter a password to protect the private key. The username field is not important but requires something to be entered in it for the dialog to accept, so just enter “username” and then a strong password.
Next run the following command to generate the file.
Set-Content -Path "C:Adminex2010cert.pfx" -Value $file.FileData -Encoding Byte
Copy the file to the Exchange Server 2003 server.
Import the Certificate on the Exchange 2003 Server
On the Exchange 2003 server launch mmc.exe and add the Certificates snap-in to the console, choosing the “Computer account” context.
Choose Local Computer and then click Finish, Close, and OK to return to the console.
Right-click Personal and choose All Tasks –> Import. Step through the Certificate Import Wizard choosing the certificate file that was copied from the Exchange Server 2010 server.
Enter the password that you used when the certificate was exported from Exchange Server 2010.
Place the certificate in the Personal certificate store.
Complete the wizard and confirm that the import was successful.