Anyone have decent "Exchange 2007 Importing an SSL Certificate from a CA" resources?

Posted on 2009-02-17
Last Modified: 2012-05-06
I got an SSL from a CA. I went to import it via a TechNet article on MS's site. I used the syntax:
import-exchangecertificate -path C:\ssl.cer
And it imported fine, then I restarted the IIS admin service on the server, tested OWA and still got the security error. I then went back to the TechNet article and I forgot to add the syntax to enable IIS services. So then I ran the command again with a different syntax to enable the IIS services, etc:
import-exchangecertificate -path C:\ssl.cer -friendlyname "Exchange" | enable-exchangecertificate -services "IIS,POP,IMAP"

And it errors out, saying it's already imported:

Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of A217402AC2FE28blahblahblah3EB307372F5F87965205.
At line:1 char:27
+ import-exchangecertificate  <<<< -path C:\ssl.cer -friendlyname "Exchange" |
enable-exchangecertificate -services "IIS,POP,IMAP"

So how do I rip out the current SSL cert and import using the correct command?
Question by:logicaltechs
    LVL 16

    Expert Comment


    Author Comment

    Ooh, I wish it was that easy. My fault, I forgot to mention that this is IIS7 with Server 2008 as the operating system.
    LVL 14

    Expert Comment

    enable-exchangecertificate -thumbprint blablablablabla -services "IIS,POP,IMAP,SMTP"  ?
    LVL 65

    Accepted Solution

    If the certificate is appearing in the list, then it was imported correctly, you just need to enable it. However as you haven't stated what error you are getting, unless you are referring to the thumbprint error, then further assistance is going to be difficult.

    I will say this though - you cannot just remove the certificate and import what you have received from the third party CA. What you received from the CA is not a standalone file. To work it needs to have a pending request. You have already used that request when you imported the result originally. If you want to replace that certificate then you will need to create a new request and get the CA to issue a new certificate.
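
The enable-by-thumbprint approach from the comments above, written out as an added example (not code from the thread or from Microsoft's article). It assumes the Exchange Management Shell on the Exchange 2007 server; `$thumb` is a placeholder for the thumbprint shown in the import error, and the `HasPrivateKey` check confirms that the imported certificate was matched to the key from the pending request.

```powershell
# Added example. Run in the Exchange Management Shell.
# Placeholder: paste the thumbprint reported by the "already imported" error.
$thumb = '<THUMBPRINT-OF-IMPORTED-CERTIFICATE>'

# List every installed certificate and the services each one is enabled for.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, HasPrivateKey, NotAfter

# Look up the certificate that the import error referred to.
$cert = Get-ExchangeCertificate -Thumbprint $thumb -ErrorAction SilentlyContinue

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumb is installed."
}
elseif (-not $cert.HasPrivateKey) {
    # Without the private key from the original request the certificate
    # cannot serve TLS, so enabling it would not fix the OWA warning.
    Write-Warning "Certificate has no private key; a new request is needed."
}
elseif ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)."
}
else {
    # Enable the already-imported certificate instead of importing it again.
    Enable-ExchangeCertificate -Thumbprint $thumb -Services "IIS,POP,IMAP"

    # Confirm the Services field now lists the expected services.
    Get-ExchangeCertificate -Thumbprint $thumb | Format-List Thumbprint, Services
}
```

If OWA still shows a certificate warning afterwards, compare the host name in the URL with the `CertificateDomains` values in the listing.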

