asked on

Import-ExchangeCertificate throws error - won't allow third-part cert

Folks,

I generated a SAN cert request using the New-ExchangeCertificate cmdlet. I have the third-party cert (A SAN from Verisign) but when I run Import-ExchangeCertificate, it throws this error:

***SNIP***

[PS] C:\>Import-ExchangeCertificate -Path c:\CAS_SAN_cert.p7b | Enable-ExchangeCertificate -Services
IIS
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1
88590E94878478E33B6194E59FBBB28FF0888D5.
At line:1 char:27
+ Import-ExchangeCertificate <<<< -Path c:\CAS_SAN_cert.p7b | Enable-ExchangeCertificate -Services
IIS

***SNIP***

Any ideas?

-Greg

kristinaw

this looks eerily similar to a question i posted a response to earlier. have you responded to that post yet?

kris.

stockampsupport

ASKER

Um... link me. What post? Help me help you help me my fine IT professional.

stockampsupport

ASKER

I think I found the question you referred to:

https://www.experts-exchange.com/questions/23283498/Help-Cannot-Install-new-3rd-Party-Cerficate-Exchange-2007.html?sfQueryTermInfo=1+certif+remov+thumbprint

I tried the remove-exchangecertificate thumbprint: x

It's gone when I run get-exchangecertificate | FL but I still can't import. It throws the same error! Thoughts?

kristinaw

pull up the certificate store for the local computer account through the mmc (start > run > mmc > add > certificates > computer)

look for the cert in there, if you find it, remove it. check the same for the user account you're working with. once you're sure its removed, retry the import.

kris.

ASKER CERTIFIED SOLUTION

stockampsupport

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial