Exporting SSL Certificate with private key

Dear All,

I have installed two Exchange 2007 SP1 (CAS servers) on Windows 2008. I purchased a certificate and imported it on the first CAS server. When I try to import it on the second server, it gives the following error message:

Enable-ExchangeCertificate : The certificate with thumbprint 8B37C647A15621A2F1 0990A0FE8E131681EBEB08 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

I need to export the certificate from server1 and import it on server2 with the private key. How can I do this? Please help.


Hayes Jupe (IT Director) commented:
When you created the request on server1, you effectively created the private key, hence when you imported the cert, the private key was already there.

What you need to do is export the certificate, with the private key and import it on server2.

To do this, open an MMC and add the Certificates snap-in, selecting Computer as the context. Navigate to the Personal store, where you will see the cert you purchased. Export the certificate to a file WITH the private key.

Copy the file to server2, open the same MMC and import the cert. Then use PowerShell to associate the cert with the required services (Enable-ExchangeCertificate).

A couple of points:
1) If the servers are only going to be used internally, don't bother with buying a cert from an external publisher, it's a waste of money - just use an internal CA.
2) You should only be importing each certificate onto a server that has a matching FQDN.... the above is provided in case you have load-balanced front-ends or something - but if they are accessed via different FQDNs, you will need certs that match those FQDNs.

If you open the certificate that has the private key in it, you will see it at the bottom of the General tab, something like "this certificate has a private key".

When you export the certificate, I think you have to export it as a .pfx file and then choose to export it with the private key. Remember that you HAVE to set a password. It won't work with just a BLANK password. At least that was what Microsoft told me.
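The same export, import and enable steps described in the two answers above, written for the Exchange Management Shell. This is an added example, not code posted by anyone in the thread; the thumbprint placeholder, the file path and the "IIS" service choice are assumptions to replace with your own values.

```powershell
# Added example. Placeholder and path values are assumptions, not from the thread.
$thumbprint = '<THUMBPRINT-OF-PURCHASED-CERT>'   # placeholder
$pfxPath    = 'C:\certs\cas-export.pfx'          # hypothetical path
$services   = 'IIS'                              # assumption: services the CAS role needs

# ---------- Run on server1 (where the request and private key were created) ----------
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)               { throw "Certificate not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "No private key on this server; nothing to export" }

# A non-blank password is required; prompt for it so it never lands in a script or history.
$pfxPassword = Read-Host 'PFX password' -AsSecureString

# -BinaryEncoded together with -Password writes a PKCS#12 (.pfx) file that includes
# the private key. This fails if the key was created as non-exportable.
Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true `
    -Path $pfxPath -Password:$pfxPassword

# ---------- Copy the .pfx to server2 over a trusted channel, then run on server2 ----------
$pfxPassword = Read-Host 'PFX password' -AsSecureString
Import-ExchangeCertificate -Path $pfxPath -Password:$pfxPassword

# Confirm the key arrived before enabling, to avoid the PrivateKeyMissing error.
$imported = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $imported -or -not $imported.HasPrivateKey) {
    throw "Import did not bring the private key; re-export as .pfx with the key"
}

Enable-ExchangeCertificate -Thumbprint $thumbprint -Services $services

# The .pfx holds the private key: delete every copy once both servers are working.
Remove-Item $pfxPath
```

Delete the copy left on server1 as well, and treat the PFX password with the same care as the key itself.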

