Ok, this is what I came up with. Worked perfectly.
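> $SourceServer = "Exchange1"
> $DestinationServer = "Exchange2"
> $SearchDomain = "exchange.yourdomain.com"
> $FilePath = "C:\Exchange.pfx"
> # Services to bind the certificate to on the destination (comma-separated, no stray spaces)
> $EnableServices = "IIS,SMTP,IMAP,POP"
>
> #Add the Exchange snapin
> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
>
> # Query the source server once and reuse the result. @() forces an array so .Count and [0]
> # behave the same whether zero, one or several certificates come back.
> $Certificates = @(Get-ExchangeCertificate -Server $SourceServer -DomainName $SearchDomain)
> $Count = $Certificates.Count
>
> # Stop the script if nothing matched. A plain 'Break' inside a Switch only leaves the Switch,
> # so Enable-ExchangeCertificate further down would still run with an empty thumbprint.
> if ($Count -eq 0) { throw "ERROR: No certificate found for $SearchDomain on $SourceServer!" }
>
> # With one match take it; with several take the first entry in the array.
> # NOTE(review): treating the first entry as the certificate Exchange is currently using is an
> # assumption - compare against the Services column of Get-ExchangeCertificate before relying on it.
> $Thumbprint = $Certificates[0].Thumbprint
>
> Write-Host "Source Server: " $SourceServer
> Write-Host "Destination Server: " $DestinationServer
> Write-Host "Search Domain: " $SearchDomain
> Write-Host "Matching certificates found: " $Count
> Write-Host ""
> Write-Host "Thumbprint for active certificate on source server: " $Thumbprint
>
> # Password protecting the exported private key. Prompting keeps it out of the script file,
> # the console history and the process command line (a literal "Password1" in the script does not).
> # $PfxPassword = Read-Host -Prompt "Password for the exported .pfx" -AsSecureString
>
> # Export current certificate from source server
> # Export-ExchangeCertificate -Thumbprint $Thumbprint -Server $SourceServer -BinaryEncoded:$true -Password $PfxPassword -Filename $FilePath
>
> # Import exported certificate into destination server
> # Import-ExchangeCertificate -Server $DestinationServer -Filename $FilePath -Password $PfxPassword
>
> # The .pfx contains the private key - remove it once the import has succeeded
> # Remove-Item -Path $FilePath
>
> # Enable services on destination server.
> # -Force suppresses the confirmation prompt when the default SMTP certificate is being replaced;
> # -ErrorAction Stop makes a failure here terminate the script instead of being reported and ignored.
> Enable-ExchangeCertificate -Thumbprint $Thumbprint -Server $DestinationServer -Services $EnableServices -Force -ErrorAction Stop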
I will probably add in the old certificate cleanup code, so I don't end up with a zillion expired certificates being kept.