Looking for correct syntax for New-ExchangeCertificate

I am having an issue getting ISA 2006 SP1 to import an Exchange SAN cert.  ISA server cert tool likes the exported cert from Exchange 2007.  Web listener doesn't think it is a valid cert.  I have found two different examples for the privatekeyexportable statement.
-PrivateKeyExportable:$True and -PrivateKeyExportable $True.  One with a colon and one without.  I actually saw it both ways on a technet site.  Is this an issue?  I saw some other posts here indicating that the key may not be exportable.  This is a SAN cert from godaddy.  Exchange seems to like it.  I recorded the powershell sequence start to finish.  I ran the -PrivateKeyExportable $True without a colon.  No errors were generated by power shell.
Who is Participating?
RaghuvConnect With a Mentor Commented:
Also check out the below article to export certificate from Exchange and then import it on ISA,

If you are creating a new certificate, then you can use the below command,

New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req -SubjectName "c=ES, o=Exchange, cn=mail.domain.com" -DomainName mail.domain.com, autodiscover.domain.com, FQDN_ExchangeServer, NetBIOS_ExchangeServer -PrivateKeyExportable $true


New-ExchangeCertificate -SubjectName "c=ES, o=Exchange, cn=mail.domain.com" -DomainName mail.domain.com, autodiscover.domain.com, FQDN_ExchangeServer, NetBIOS_ExchangeServer -PrivateKeyExportable $true

And if you like to Export a certificate, then try the below commands,

Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password

PS: To check the thumbprint of existing certificates, run "Get-ExchangeCertificaite | FL" and locate the Thumbprint parameter.
markmagnusAuthor Commented:
I have met the enemy and he is me.  It helps if when you run the mmc for certificate manager, you select the computer radio button instead of letting it stay on the default user button.  Unfortunately, they both have a personal folder.  Once I put the certificate in the right place all was well.  The ISABPA was fairly blunt about the fact that I was an idiot for expecting this to work the way I did it.

You can either be a wonderful example or a terrible warning.  Today, I am the terrible warning.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.