• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 381
  • Last Modified:

Anyone have decent "Exchange 2007 Importing an SSL Certificate from a CA" resources?

I got an SSL from a CA.  I went to import it via a technet article on MS's site.  I used the syntax:
import -exchangecertificate -path C:\ssl.cer
And it imported fine, then I restarted the IIS admin service on the server, tested OWA and still got the security error.  I then went back to the technet article and I forgot to add the syntax to enable IIS services.  So then I ran the command again with a different syntax to enable the IIS services, etc:
import-exchangecertificate -path C:\ssl.cer -friendlyna
me "Exchange" | enable-exchangecertificate -services "IIS,POP,IMAP"

And it errors out saying, it's already imported:

Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of A217402AC2FE28blahblahblah3EB307372F5F87965205.
At line:1 char:27
+ import-exchangecertificate  <<<< -path C:\ssl.cer -friendlyname "Exchange" |
enable-exchangecertificate -services "IIS,POP,IMAP"

So how do I rip out the current SSL cert and import using the correct command?
1 Solution
logicaltechsAuthor Commented:
ooh, i wish it was that easy.  my fault, i forgot to mention that this is IIS7 with server 2008 as the operating system
enable-exchangecertificate -thumbprint blablablablabla -services "IIS,POP,IMAP,SMTP"  ?
If the certificate is appearing in the list, then it was imported correctly, you just need to enable it. However as you haven't stated what error you are getting, unless you are referring to the thumbprint error, then further assistance is going to be difficult.

I will say this though - you cannot just remove the certificate and import what you have received from the third party CA. What you received from the CA is not a standalone file. To work it needs to have a pending request. You have already used that request when you imported the result originally. If you want to replace that certificate then you will need to create a new request and get the CA to issue a new certificate.


Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now