[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 891
  • Last Modified:

Exchange 2007 sp3 SSL Certificate


Using Server 2003 r2, exchange 2007 sp3

I have a multi domain certificate from global sign.
I saved the file as cert.crt in c:\

After executing import-exchangecertificate -path c:\cert.crt

And then Enable-ExchangeCertificate -thumbprint [thumprint] -services "smtp,iis,pop,imap"

This didn't work as it kept saying certificate not found.

So I removed the thumbprint.

Now when I try get-exchangecertificate, I dont see any cert, except the local one.

And if I try to import the certificate again it keeps telling me thumprint already there:

Import-ExchangeCertificate : Cannot import as there already is a certificate wi
th a thumbprint of thumbprint..
At line:1 char:27
+ Import-ExchangeCertificate <<<<  -Path c:\cert.cer
    + CategoryInfo          : WriteError: (0:Int32) [Import-ExchangeCertificat
   e], ImportCertificateAlreadyExistsException
    + FullyQualifiedErrorId : 34ABAC30,Microsoft.Exchange.Management.SystemCon

Please help.
  • 6
  • 5
4 Solutions
when you export the certificate make sure you include the private key
exchange will not use a certificate that does not include it

verify by opening the certificates console for the local machine and viewing the certificate. it should state that it has a private key.
masdf123Author Commented:
I am not sure how to do this exactly. I was given the certificate as text, and I copied it to cert.cer.

Now under get-exchangexcertificate that thumprint is not present.
Shreedhar EtteCommented:
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

after the import do the following
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"

if that is missing, you must either generate a new certificate or re-export the certificate from the original source and ensure to include the private key
here is a link for creating the certificate
masdf123Author Commented:
Private key is there.

Should I remove the cert from there?
masdf123Author Commented:
I removed it from there, reimported (which worked)

While enabling I get the following:

Enable-ExchangeCertificate : The certificate with thumbprint thumbprint was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
run the cmdlet
get-exchangecertificate | fl

grab the thumbprint from the results for your certificate
masdf123Author Commented:
Actually that was public key.

Private key isn't under details of the certificate in mmc.

So what do I tell the cert authority?
you'll need to generate a new one with the -PrivateKeyExportable:$true (see article earlier)
they should cancel the first request and issue a new one
masdf123Author Commented:
my csr was created with -PrivateKeyExportable:$true originally.

What should global know to create the right cert?
it should be in the csr request and you should get the private key with the generated cert from your CA

tell them the private key was missing and you would like to replace the certificate with a new request

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now