Get-ExchangeCertificate (ExchangePowerShell)

By default, this cmdlet returns the following certificate properties in the summary list view: Thumbprint: The unique digest of the certificate data. An example thumbprint value is 78E1BE82F683EE6D8CB9B9266FC1185AE0890C41. Services: The Exchange services that the certificate is assigned to by using the Enable-ExchangeCertificate cmdlet. Values are None, Federation, IIS, IMAP, POP, SMTP, UM, and UMCallRouter. You'll see the value None in certificates that aren't used with Exchange (for example, the WMSvc-<ServerName> certificate that's used for the IIS Web Management Service). Subject: Contains the X.500 value in the certificate's Subject Name field. The important part is the CN= value. If you append | Format-List to the command, the cmdlet returns these additional certificate properties: AccessRules: Typically, this value is multiple instances of the value System.Security.AccessControl.CryptoKeyAccessRule separated by commas. CertificateDomains: The host names or FQDNs in the certificate's Subject Alternative Name field. HasPrivateKey: Whether or not the certificate contains a private key. IsSelfSigned: Whether or not the certificate is self-signed (not issued by a certification authority). Issuer: Who issued the certificate. NotAfter: The certificate expiration date. NotBefore: The certificate issue date. PublicKeySize: The size of the public key in bytes. RootCAType: The type of CA that signed the certificate. Values are None (this value is found on the Microsoft Exchange Server Auth Certificate, and also new self-signed certificates that you create), ThirdParty, Enterprise, Registry (this value is found on Exchange self-signed certificates), GroupPolicy, or Unknown (this value is found on pending certificate requests). SerialNumber: The unique serial number of the certificate. Status: The status of the certificate. Values are DateInvalid, Invalid, PendingRequest, RevocationCheckFailure, Revoked, Unknown, Untrusted or Valid If you append | Format-List * to the command, the cmdlet returns these additional certificate properties: Archived CertificateRequest: This property contains the hash value of the certificate request. DnsNameList EnhancedKeyUsageList: Typically, this value is Server Authentication (1.3.6.1.5.5.7.3.1). Extensions FriendlyName Handle Identity: This value uses the syntax ServerFQDN\Thumbprint. IISServices IssuerName: Typically, this value is System.Security.Cryptography.X509Certificates.X500DistinguishedName. KeyIdentifier PrivateKey: Typically, this value is System.Security.Cryptography.RSACryptoServiceProvider. PrivateKeyExportable: If this value is True, you can export the certificate from the server. PublicKey: Typically, this value is System.Security.Cryptography.RSACryptoServiceProvider. RawData SendAsTrustedIssuer ServicesStringForm SignatureAlgorithm: Typically, this value is System.Security.Cryptography.Oid. SubjectKeyIdentifier SubjectName: Typically, this value is System.Security.Cryptography.X509Certificates.X500DistinguishedName. Version: Typically, this value is 3. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.