Posted on 2010-01-04
Last Modified: 2012-05-08
I am attempting to import a new SSL certificate into Exchange 2007. I have the new key, and while importing I get this message.
Enable-ExchangeCertificate : The certificate with thumbprint (thumbprint)  was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:87
+ Import-ExchangeCertificate -Path C:\mail_clinpath_com.cer | Enable-ExchangeCe
rtificate  <<<< -Services "SMTP, IMAP, POP, IIS"

I am lost on what to do. Any help would be great. Thanks.
Question by:JaysonJackson
    LVL 7

    Accepted Solution

    ___Create and obtain a 3rd party Certificate

    Exchange 2007 SSL CSR Command Wizard:
          Will need at least 4 names (example):
                    (CAS Server name1)
                    (CAS Server name1 fqdn)

    Use the New-ExchangeCertificate in the Exchange Shell on the CAS Server
          New-ExchangeCertificate -GenerateRequest -Path c:\yourdomain_com.csr -KeySize 2048 -SubjectName "c=US, s=Texas, l=Houston, o=Org Name, Inc, ou=IS," -DomainName,,, exchangeservername -PrivateKeyExportable $True
          the thumbprint for the certificate will be listed in the Shell
          The CSR file can be found under the specified path, which in this example is the root of the C: drive

    After having submitted the certificate request to a 3rd party certificate authority, you'll receive an email message containing the issued certificate shortly thereafter.

    This certificate now needs to be imported and enabled on the Exchange 2007 server on which the Client Access server role has been installed
    Import-ExchangeCertificate -Path c:\mail_yourdomain_com.cer | Enable-ExchangeCertificate -Services IIS

    __In case you want to import or apply the same certificate to another Edge or CAS server, you need to perform the following additional steps

    1. Open Certificate MMC Snap in on the server for local computer which already has the cert installed

    2. Go to personal container and locate the certificate which you had just imported.

    3. Export this certificate with private key - DO NOT DELETE KEY ONCE CERT HAS BEEN EXPORTED!!!

    5. Copy this certificate on the server where you want to configure this certificate.

    6. Run following command on the second server which you want to configure from the same certificate

    Import-ExchangeCertificate -Path c:\path\<certificate file>.pfx -Password:(Get-Credential).password

    The Get-Credential cmdlet in the above command pops up a standard username\password dialog box. This is a little bit confusing because we don't need a username to get to the keys; just put whatever you want for the username, but put the password that you used when you ran the Export certificate wizard in the Certificate Manager snap-in in MMC.

    7. Run command Get-ExchangeCertificate to get the thumbprint of this certificate.

    8. Run command Enable-ExchangeCertificate -Thumbprint <copy the thumbprint> -Services IIS

    9. After running the above command, run Get-ExchangeCertificate again to verify whether the services are enabled or not.
    LVL 32

    Assisted Solution


    Author Comment

    OK, well, this has kept me up for several nights. Being a total knucklehead when getting the new certificate, I used the OLD CSR. After creating a new CSR and reissuing a certificate with the newly created CSR, everything worked. Thanks guys for your help.
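
The following check is an added example, not code from the thread or from any poster: before importing, it compares the public key of the issued .cer with the pending requests and installed certificates on the server, which is the mismatch behind the PrivateKeyMissing error when a certificate is issued from an old CSR. The default path is a placeholder, and the script assumes the request generated by New-ExchangeCertificate is held in the local computer's REQUEST (Certificate Enrollment Requests) store.

```powershell
# Added example (not from the thread). $CerPath is a placeholder for the issued certificate file.
param([string]$CerPath = 'C:\mail_yourdomain_com.cer')

function Get-PublicKeyHex($cert) {
    # Hex string of the raw public key bytes, used only for comparison
    [System.BitConverter]::ToString($cert.GetPublicKey())
}

function Find-MatchingKey($issuedCert, $storePath) {
    # Return the store entries whose public key equals that of the issued certificate
    $want = Get-PublicKeyHex $issuedCert
    Get-ChildItem $storePath | Where-Object { (Get-PublicKeyHex $_) -eq $want }
}

# Load the issued certificate from disk without touching any store
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
"Issued cert: {0}  thumbprint {1}" -f $issued.Subject, $issued.Thumbprint

# Assumption: pending requests created on this server live in the REQUEST store
$pending   = @(Find-MatchingKey $issued 'Cert:\LocalMachine\REQUEST')
# Certificates already present in the computer's Personal store
$installed = @(Find-MatchingKey $issued 'Cert:\LocalMachine\My')

if ($pending.Count -gt 0) {
    "OK: the certificate matches a pending request generated on this server."
} elseif ($installed | Where-Object { $_.HasPrivateKey }) {
    "OK: the certificate is already installed together with its private key."
} elseif ($installed.Count -gt 0) {
    "PROBLEM: the certificate is in the Personal store without a private key (PrivateKeyMissing)."
} else {
    "PROBLEM: no request or key on this server matches; the certificate was issued from a different CSR."
}
```

Either PROBLEM result means the private key for this certificate is not on the server, so Enable-ExchangeCertificate will refuse it until the certificate is reissued from a CSR generated here or imported as a .pfx that includes the key.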
