Exporting SSL Certificate with private key

Posted on 2008-11-09
Last Modified: 2012-05-05
Dear All,

I have installed two Exchange 2007 SP1 servers (CAS servers) on Windows 2008. I purchased a certificate and imported it on the first CAS server. When I try to import it on the second server, it gives the following error message:

Enable-ExchangeCertificate : The certificate with thumbprint 8B37C647A15621A2F10990A0FE8E131681EBEB08 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

I need to export the certificate from server1 and import it on server2 with the private key. How can I do this? Please help.

Question by:devdept
    LVL 15

    Expert Comment

    When you created the request on server1, you effectively created the private key, hence when you imported the cert, the private key was already there.

    What you need to do is export the certificate, with the private key and import it on server2.

    To do this, open an MMC and add the Certificates snap-in, selecting Computer as the context. Navigate to the Personal store, where you will see the cert you purchased. Export the certificate to a file WITH the private key.

    Copy the file to server2, open the same MMC and import the cert. Then use PowerShell to associate the cert with the required services (Enable-ExchangeCertificate).

    A couple of points:
    1) If the servers are only going to be used internally, don't bother with buying a cert from an external publisher, it's a waste of money - just use an internal CA.
    2) You should only be importing each certificate onto a server that has a matching FQDN. The above is provided in case you have load-balanced front-ends or something - but if they are accessed via different FQDNs, you will need certs that match those FQDNs.
    LVL 6

    Accepted Solution


    If you open the certificate that has the private key in it, you will see it at the bottom of the General tab, something like "this certificate has a private key".

    When you export the certificate, I think you have to export it as a .pfx file and then choose to export it with the private key. Remember that you HAVE to set a password. It won't work with just a BLANK password. At least that was what Microsoft told me.
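
The same export and import done from the Exchange Management Shell, with a check of HasPrivateKey before the certificate is enabled. This is an added example, not part of the original thread; the thumbprint is the one quoted in the question's error message, and the PFX path, the service list and the two function names are assumptions.

```powershell
# Added example, not from the original thread. Run in the Exchange 2007 Management Shell.
$Thumbprint = '8B37C647A15621A2F10990A0FE8E131681EBEB08'  # from the question's error message
$PfxPath    = 'C:\Temp\cas-cert.pfx'   # hypothetical path; keep it off shared folders
$Services   = 'IIS'                    # assumed; use the services you actually need

function Export-CasCertificate {
    # Server1: confirm the private key is present, then write a password-protected PFX.
    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key here; export from the server that created the request."
    }
    $password = Read-Host 'PFX password' -AsSecureString
    # The accepted answer states that a blank password will not work, so reject it early.
    if ($password.Length -eq 0) { throw 'Set a non-blank PFX password.' }
    # This call fails if the key was not marked exportable when the request was created.
    Export-ExchangeCertificate -Thumbprint $Thumbprint -BinaryEncoded:$true `
        -Path $PfxPath -Password:$password
}

function Import-CasCertificate {
    # Server2: import the PFX, verify the key arrived with it, then bind the services.
    $password = Read-Host 'PFX password' -AsSecureString
    Import-ExchangeCertificate -Path $PfxPath -Password:$password | Out-Null
    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    if (-not $cert.HasPrivateKey) {
        throw 'HasPrivateKey is False after import; Enable-ExchangeCertificate would report PrivateKeyMissing.'
    }
    Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services $Services
    # The PFX holds the private key: delete the transfer copy once the import is verified.
    Remove-Item $PfxPath
}
```

Call Export-CasCertificate on server1, copy the file to the same path on server2, then call Import-CasCertificate there; delete the copy left on server1 as well.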

