Solved

Exchange 2010 Certificate Problem with installation

Posted on 2010-11-11
Last Modified: 2012-05-10
Hi, I have just run up a new Exchange 2010 server, and I am running it up so that I can then move users over from Exchange 2007, so there is no pressure for me. I have successfully received a new SSL Advantage Certificate from Entrust, and I used the EMC to import this certificate, which it did successfully. However, it does not show in the EMC, and if I use the GetCertificates command in the shell it only lists the native Exchange certificate created on installation. If I repeat the Import wizard it fails, as it says that one of that thumbprint already exists, which makes sense, but as I cannot see it nor list it I cannot assign services to it. I have googled and researched this, but nothing applicable to my situation has come up, so I am hoping one of you Exchange gurus may be able to help! Regards, Steve
Question by:SteveDunlin
11 Comments
 
LVL 9

Expert Comment

by:MinoDC
ID: 34109912
You can try to import the certificate through the Certificate MMC console, under Computer -> Personal folder.
If the certificate is not public, you must also import the chain certificate into the Trusted Root folder.
0
 

Author Comment

by:SteveDunlin
ID: 34109963
Thanks, I have done that and the Entrust certificate appears in the Personal folder, but my problem is with the Exchange Server itself, as I need to import and assign Exchange services to it. Although it has imported using the wizard in Exchange, it does not list in Exchange in the Server Configuration under certificates, so perhaps I am missing a step somewhere.
0
 
LVL 9

Expert Comment

by:MinoDC
ID: 34110266
Can you attach an image of the Exchange certificate console and the Certificate MMC console with Computer -> Personal folder selected?

Thanks.
0
 

Author Comment

by:SteveDunlin
ID: 34110467
Attached is the image you requested.
Exchange2010Pic.docx
0
 
LVL 9

Expert Comment

by:MinoDC
ID: 34110720
Did you request the Entrust certificate through the Exchange request?
I believe not, because otherwise you should have the request pending.

In the properties of the certificate, do you have the private key?
In Trusted Root Certification Authorities, under the Certificates folder, do you have the Entrust root certificate?

Can you post the output of this command:
http://technet.microsoft.com/en-us/library/bb124950.aspx

However, with the previous command you can find the thumbprint of your certificate, and with this:
http://technet.microsoft.com/en-us/library/aa997231.aspx
you enable the necessary services.
0
 

Author Comment

by:SteveDunlin
ID: 34110753
You are correct, as I generated the certificate request using the Exchange Shell commands. I will look at the two links you have sent me and get back to you, but many thanks so far for your help. Regards, Steve
0
 

Author Comment

by:SteveDunlin
ID: 34111272
Hi, I have tried with Get-ExchangeCertificate but it only returns the built-in Exchange certificate and does not find the Entrust certificate. If I remember, in Exchange 2007 you could import the certificate directly into it via a shell command, giving the physical location of the certificate. I thought Exchange 2010 was supposed to have made it easier, but it has lost me unfortunately. I have the Entrust certificate in the Certificate Personal folder and also the root, so that is all fine. I just want Exchange to import it so I can assign SMTP, IIS, POP and IMAP, which is currently on my Exchange 2007 server. I cannot use your second enable certificate command because it just does not know it exists. Steve
0
 

Author Comment

by:SteveDunlin
ID: 34111421
I have also just tried the following command:


[PS] C:\Windows\system32>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\entrust.cer -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

and it says that a certificate with that thumbprint already exists and will not do it. Perhaps I will try to remove it and then reapply the above command.
0
 

Author Comment

by:SteveDunlin
ID: 34111489
OK, I may be getting somewhere and you may now be able to help. I tried removing the certificate, because I know its thumbprint, and it says it is not valid for Exchange Server because the private key is missing, as follows:

The certificate with thumbprint 702520AE2AE11C807E593BC1A2ED7E072D11CFBC was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

What does this mean and can I rectify this? I have probably done something silly. Thanks, Steve
0
 

Accepted Solution

by:
SteveDunlin earned 0 total points
ID: 34118971
OK, I have got to the bottom of this now: after discovering the private key was missing, I found this article, which was very good and solved the issue, at http://msexchangegeek.com/2010/01/27/missing-private-key-on-exchange-certificate/

The certificate now shows in Exchange, but with an error message that says "The certificate could not be checked because the revocation status failed". This is another matter and is to do with Exchange using WHTTP and proxy settings; http://support.microsoft.com/default.aspx?scid=kb;en-us;979694&sd=rss&spid=13965 refers. Nearly there, and this question can be closed, but thanks for your time and trouble. Steve Dunlin
0
 

Author Closing Comment

by:SteveDunlin
ID: 34153227
My last submission explains
0
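
The PrivateKeyMissing state reported in this thread can be checked and, in many cases, repaired from the Exchange Management Shell. The following is an added example, not code from the thread or from the linked article; the function name Get-CertKeyStatus is hypothetical, and it assumes an elevated shell on the server where the certificate request was generated, so that the matching private key still exists on that machine.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0, as shipped with Exchange 2010.
# Thumbprint as quoted in the error message earlier in the thread.
$thumbprint = '702520AE2AE11C807E593BC1A2ED7E072D11CFBC'

# Hypothetical helper: report whether the certificate in the computer's Personal
# store is bound to a private key.
function Get-CertKeyStatus {
    param([Parameter(Mandatory=$true)][string]$Thumbprint)

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in LocalMachine\My"
    }
    $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

$status = Get-CertKeyStatus -Thumbprint $thumbprint
$status | Format-List

if (-not $status.HasPrivateKey) {
    # certutil -repairstore re-associates the certificate with a private key that
    # already exists on this machine (the key created with the request). It cannot
    # recreate a key that was generated on another server or has been deleted.
    & certutil.exe -repairstore my $thumbprint
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE"
    }
    $status = Get-CertKeyStatus -Thumbprint $thumbprint
}

if ($status.HasPrivateKey) {
    # Exchange should now list the certificate; services can then be assigned.
    Get-ExchangeCertificate -Thumbprint $thumbprint | Format-List Subject, Services, Status
    Enable-ExchangeCertificate -Thumbprint $thumbprint -Services "IIS,POP,IMAP,SMTP"
} else {
    Write-Warning "Private key still missing: the request was probably generated on another machine. Export the certificate with its key (PFX) from there, or reissue."
}
```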
