Exporting SSL Certification with private key

Posted on 2008-11-09
Medium Priority
Last Modified: 2012-05-05
Dear All,

I have installed two Exchange 2007 SP1 (CAS servers) on Windows 2008. I purchased a certificate and imported it on the first CAS server. When I try to import it on the second server, it gives the following error message:

Enable-ExchangeCertificate : The certificate with thumbprint 8B37C647A15621A2F10990A0FE8E131681EBEB08 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

I need to export the certificate from server1 and import it on server2 with the private key. How can I do this? Please help.

Question by:devdept
LVL 15

Expert Comment

ID: 22919661
When you created the request on server1, you effectively created the private key, hence when you imported the cert, the private key was already there.

What you need to do is export the certificate, with the private key and import it on server2.

To do this, open an MMC, and add the Certificates snap-in, selecting computer as the context. Navigate to the Personal store, where you will see the cert you purchased. Export the certificate to a file WITH the private key.

Copy the file to server2, open the same MMC and import the cert. Then use PowerShell to associate the cert with the required services (Enable-ExchangeCertificate).

A couple of points
1) If the servers are only going to be used internally, don't bother with buying a cert from an external publisher, it's a waste of money - just use an internal CA
2) You should only be importing each certificate onto a server that has a matching FQDN. The above is provided in case you have load-balanced front-ends or something - but if they are accessed via different FQDNs, you will need certs that match those FQDNs.

Accepted Solution

Pret0rian earned 1500 total points
ID: 22919852

If you open the certificate that has the private key in it, you will see it at the bottom of the General tab, something like "this certificate has a private key".

When you export the certificate, I think you have to export it as a .pfx file and then choose to export it with the private key. Remember that you HAVE to set a password. It won't work with just a BLANK password. At least that was what Microsoft told me.
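
The export and import procedure described in the answers above, scripted for the Exchange Management Shell as an added example that is not part of the original thread. The thumbprint is the one from the question's error message; the PFX path and the choice of the IIS service are assumptions.

```powershell
# Added example. Run each half in the Exchange Management Shell on the named server.
$thumb = '8B37C647A15621A2F10990A0FE8E131681EBEB08'   # thumbprint from the error message
$pfx   = 'C:\Temp\cas-cert.pfx'                       # hypothetical path, adjust as needed

# ---------------- On server1 (where the request was generated) ----------------
# The computer Personal store is Cert:\LocalMachine\My.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey) {
    throw "No private key on this server for $thumb; export from the server that created the request."
}

# Prompt for the PFX password so it never appears in the script or shell history.
$pw = Read-Host 'PFX password' -AsSecureString

# Writes a password-protected PFX containing the certificate AND its private key.
# This fails if the key was marked non-exportable when the request was created.
Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Path $pfx -Password $pw

# Copy the file to server2 over a trusted channel, then remove it from server1:
Remove-Item $pfx

# ---------------- On server2 ----------------
$pw = Read-Host 'PFX password' -AsSecureString
Import-ExchangeCertificate -Path $pfx -Password $pw

# Confirm the private key arrived before enabling; this is the condition behind
# the "PrivateKeyMissing" reason in the original error.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey) {
    throw "Import completed but the private key is still missing for $thumb."
}

# Bind the certificate to the services this CAS server needs (IIS assumed here).
Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS

# The PFX holds the private key; do not leave copies on disk or on file shares.
Remove-Item $pfx
```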

