How to export an Exchange 2007 OWA certificate from production to a lab environment

10-11  Source: Network gathering  Views:1 

I'm setting up an Exchange 2007 lab, but I'm having trouble with Exchange's certificate.
Note: My lab environment is not connected to the internet.
I've followed the link below, but it doesn't work
Once I finished all the steps, if I run the PowerShell command Get-ExchangeCertificate, I see that my Exchange certificate has the status Unknown.
I'm not sure if the problem is related to the server not being connected to the internet, so that Exchange is not able to check the status of the certificate.
I've tried turning off the Check for publisher’s certificate revocation option on the server.
To do this, follow these steps.
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Advanced tab, and then locate the Security section.
4. Click to clear the Check for publisher’s certificate revocation check box, and then click OK.
5. After the update rollup installation is complete, turn on the Check for publisher’s certificate revocation option.
But it is still not working.
Could anyone help me?
Thanks in advance
Hi Pardo,
According to your description, I understand that the Exchange certificate does not work and displays the Unknown status after you import it.
If I misunderstand your concern, please do not hesitate to let me know.
Depending on the results of “Get-ExchangeCertificate | FL”, please pay attention to the following points:
1. RootCAType: Registry
“An internal, private PKI root CA that has been manually installed in the certificate store.”
2. Status: Unknown
“This status generally indicates that the status of the certificate cannot be verified because the certificate revocation list (CRL) is unavailable or this server cannot connect to it.”
The reason why it failed is that the internal Exchange server cannot connect to the CRL. As you mentioned, Exchange is not able to check the status of the certificate.
For more information about Certificate Use in Exchange Server 2007, please refer to the Certificate Fields and Configuring Access to the Certificate Revocation List section in the link below:
However, we can renew a certificate from the local CA:
Best Regards,
Allen Wang
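
The diagnosis in the reply above can be confirmed on the lab server with the following added example, which is not part of the original thread. It lists the CRL distribution points in the imported certificate and builds its chain with and without online revocation checking; the thumbprint is a placeholder to be replaced with the value shown by Get-ExchangeCertificate.

```powershell
# Added example: find out why an imported certificate shows Status "Unknown".
# Placeholder value: copy the real thumbprint from "Get-ExchangeCertificate | FL".
$Thumbprint = '<THUMBPRINT-FROM-Get-ExchangeCertificate>'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $Thumbprint in LocalMachine\My"
}

# 1. Show the CRL distribution points embedded in the certificate
#    (X.509 extension OID 2.5.29.31). These are the URLs the server
#    must be able to reach for the status to be verified.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) {
    "CRL distribution points:"
    $cdp.Format($true)
} else {
    "Certificate carries no CRL distribution point extension."
}

# 2. Build the chain twice: once with online revocation checking,
#    once with revocation checking disabled, and compare the results.
foreach ($mode in 'Online', 'NoCheck') {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode      = $mode
    $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = New-Object TimeSpan 0, 0, 15

    $ok = $chain.Build($cert)
    "RevocationMode=$mode  chain valid: $ok"
    foreach ($s in $chain.ChainStatus) {
        "  {0}: {1}" -f $s.Status, $s.StatusInformation.Trim()
    }
}
```

If the Online pass reports RevocationStatusUnknown or OfflineRevocation while the NoCheck pass is valid, the only fault is that the CRL cannot be reached from the lab. If the NoCheck pass also fails with UntrustedRoot, the issuing root CA certificate is missing from the lab server's Trusted Root store.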