[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Exchange 2007 sp3 SSL Certificate

Posted on 2010-08-30
12
Medium Priority
?
884 Views
Last Modified: 2012-05-10
Hi,

Using Server 2003 r2, exchange 2007 sp3

I have a multi domain certificate from global sign.
I saved the file as cert.crt in c:\

After executing import-exchangecertificate -path c:\cert.crt

And then Enable-ExchangeCertificate -thumbprint [thumprint] -services "smtp,iis,pop,imap"

This didn't work as it kept saying certificate not found.

So I removed the thumbprint.

Now when I try get-exchangecertificate, I dont see any cert, except the local one.

And if I try to import the certificate again it keeps telling me thumprint already there:

Import-ExchangeCertificate : Cannot import as there already is a certificate wi
th a thumbprint of thumbprint..
At line:1 char:27
+ Import-ExchangeCertificate <<<<  -Path c:\cert.cer
    + CategoryInfo          : WriteError: (0:Int32) [Import-ExchangeCertificat
   e], ImportCertificateAlreadyExistsException
    + FullyQualifiedErrorId : 34ABAC30,Microsoft.Exchange.Management.SystemCon
   figurationTasks.ImportExchangeCertificate


Please help.
0
Comment
Question by:masdf123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 2000 total points
ID: 33559250
when you export the certificate make sure you include the private key
exchange will not use a certificate that does not include it

verify by opening the certificates console for the local machine and viewing the certificate. it should state that it has a private key.
0
 
LVL 1

Author Comment

by:masdf123
ID: 33559323
I am not sure how to do this exactly. I was given the certificate as text, and I copied it to cert.cer.

Now under get-exchangexcertificate that thumprint is not present.
0
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33559373
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 2000 total points
ID: 33559392
after the import do the following
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"

if that is missing, you must either generate a new certificate or re-export the certificate from the original source and ensure to include the private key
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33559398
here is a link for creating the certificate
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
0
 
LVL 1

Author Comment

by:masdf123
ID: 33559419
Private key is there.

Should I remove the cert from there?
0
 
LVL 1

Author Comment

by:masdf123
ID: 33559438
I removed it from there, reimported (which worked)

While enabling I get the following:

Enable-ExchangeCertificate : The certificate with thumbprint thumbprint was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33559500
run the cmdlet
get-exchangecertificate | fl

grab the thumbprint from the results for your certificate
0
 
LVL 1

Author Comment

by:masdf123
ID: 33559601
Actually that was public key.

Private key isn't under details of the certificate in mmc.

So what do I tell the cert authority?
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 2000 total points
ID: 33559646
you'll need to generate a new one with the -PrivateKeyExportable:$true (see article earlier)
they should cancel the first request and issue a new one
0
 
LVL 1

Author Comment

by:masdf123
ID: 33559754
my csr was created with -PrivateKeyExportable:$true originally.

What should global know to create the right cert?
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 2000 total points
ID: 33559804
it should be in the csr request and you should get the private key with the generated cert from your CA

tell them the private key was missing and you would like to replace the certificate with a new request
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question