Solved

Exchange 2010 Certificate Problem with installation

Posted on 2010-11-11
Last Modified: 2012-05-10
Hi, I have just run up a new Exchange 2010 server and I am running it up so that I can then move users over from Exchange 2007, so there is no pressure for me. I have successfully received a new SSL Advantage Certificate from Entrust and I used the EMC to import this certificate, and it did this successfully. However, it does not show in the EMC, and if I use the GetCertificates command in the shell it only lists the native Exchange certificate created on installation. If I repeat the Import wizard it fails, as it says that one with that thumbprint already exists, which makes sense, but as I cannot see it nor list it I cannot assign services to it. I have googled and researched this but nothing applicable to my situation has come up, so I am hoping one of you Exchange gurus may be able to help! Regards, Steve
Question by:SteveDunlin
11 Comments
 
LVL 9

Expert Comment

by:MinoDC
ID: 34109912
You can try to import the certificate through the Certificate MMC console, under Computer->Personal folder.
If the certificate is not public, you must also import the Chain Certificate in the trusted root folder.
0
 

Author Comment

by:SteveDunlin
ID: 34109963
Thanks, I have done that and the Entrust certificate appears in the Personal Folder, but my problem is with the Exchange Server itself, as I need to import and assign Exchange services to it. Although it has imported using the wizard in Exchange, it does not list in Exchange in the Server Configuration under certificates, so perhaps I am missing a step somewhere.
0
 
LVL 9

Expert Comment

by:MinoDC
ID: 34110266
Can you attach an image of the Exchange certificate console and the Certificate MMC console with Computer->Personal folder selected?

Thanks.
0
 

Author Comment

by:SteveDunlin
ID: 34110467
Attached is the image you requested
Exchange2010Pic.docx
0
 
LVL 9

Expert Comment

by:MinoDC
ID: 34110720
Did you request the Entrust certificate through the Exchange request?
I believe not, because otherwise you should have the request pending.

In the properties of the certificate, do you have the private key?
In Trusted Root Certification Authorities, under the Certificates folder, do you have the Entrust root certificate?

You can make a print of this command:
http://technet.microsoft.com/en-us/library/bb124950.aspx

With the previous command you can find the Thumbprint of your certificate, and with this:
http://technet.microsoft.com/en-us/library/aa997231.aspx
you enable the necessary services.
0
 

Author Comment

by:SteveDunlin
ID: 34110753
You are correct, as I generated the certificate request using the Exchange Shell commands. I will look at the two links you have sent me and get back to you, but many thanks so far for your help. Regards, Steve
0
 

Author Comment

by:SteveDunlin
ID: 34111272
Hi, I have tried with Get-Exchange Certificate but it only returns the built-in Exchange certificate and does not find the Entrust Certificate. If I remember, in Exchange 2007 you could import the certificate directly into it via a shell command, giving the physical location of the certificate. I thought Exchange 2010 was supposed to have made it easier, but it has lost me unfortunately. I have the Entrust Certificate in the Certificate Personal Folder and also the root, so that is all fine. I just want Exchange to import it so I can assign SMTP, IIS, POP and IMAP, which is currently on my Exchange 2007 Server. I cannot use your second enable certificate command because it just does not know it exists. Steve
0
 

Author Comment

by:SteveDunlin
ID: 34111421
I have also just tried the following command:


[PS] C:\Windows\system32>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\entrust.cer -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

and it says that a certificate with that thumbprint already exists and will not do it. Perhaps I will try to remove it and then reapply the above command.
0
 

Author Comment

by:SteveDunlin
ID: 34111489
OK, I may be getting somewhere and you may now be able to help. I tried removing the certificate, because I know its thumbprint, and it says it is not valid for Exchange Server because the private key is missing, as follows:

The certificate with thumbprint 702520AE2AE11C807E593BC1A2ED7E072D11CFBC was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

What does this mean and can I rectify this? I have probably done something silly. Thanks, Steve
0
 

Accepted Solution

by:
SteveDunlin earned 0 total points
ID: 34118971
OK, I have got to the bottom of this now. After discovering the Private Key was missing, I found this article, which was very good and solved the issue: http://msexchangegeek.com/2010/01/27/missing-private-key-on-exchange-certificate/

The certificate now shows in Exchange, but with an error message that says "The certificate could not be checked because the revocation status failed". This is another matter and is to do with Exchange using WHTTP and proxy settings; http://support.microsoft.com/default.aspx?scid=kb;en-us;979694&sd=rss&spid=13965 refers. Nearly there, and this question can be closed, but thanks for your time and trouble. Steve Dunlin
0
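The PrivateKeyMissing condition from this thread can be checked and repaired from the shell. The script below is an added example, not code from the thread or from the linked article; it assumes an elevated PowerShell session on the server that generated the certificate request, the function names are hypothetical, and <THUMBPRINT> is a placeholder.

```powershell
# Added example. Function names are hypothetical; <THUMBPRINT> is a placeholder.
# Assumption: elevated session on the server that created the certificate request,
# so the matching private key container still exists on this machine.

function Get-CertKeyStatus {
    # List every certificate in the computer Personal store and whether
    # Windows has a private key associated with it.
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath |
        Select-Object Thumbprint, SerialNumber, Subject, NotAfter, HasPrivateKey
}

function Repair-CertPrivateKey {
    # Re-associate a certificate with its private key using certutil -repairstore.
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in LocalMachine\My."
    }
    if ($cert.HasPrivateKey) {
        Write-Output "Certificate $Thumbprint already has a private key."
        return
    }

    # certutil looks for a key container on this machine that matches the
    # certificate's public key and links the two. It cannot recreate a key
    # that was generated on another server or has been deleted.
    & certutil.exe -repairstore my $cert.SerialNumber
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE."
    }

    # Re-read the store: the provider object fetched earlier is stale.
    $after = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $after.HasPrivateKey) {
        throw "Private key still missing; the request was probably generated elsewhere."
    }
    Write-Output "Private key restored for $Thumbprint."
}

# Usage (run manually):
#   Get-CertKeyStatus | Where-Object { -not $_.HasPrivateKey }
#   Repair-CertPrivateKey -Thumbprint '<THUMBPRINT>'
```

Once HasPrivateKey reports True, the certificate should be listed by the Exchange shell and services can be assigned with Enable-ExchangeCertificate as in the command posted earlier in the thread.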
 

Author Closing Comment

by:SteveDunlin
ID: 34153227
My last submission explains
0
