• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1691
  • Last Modified:

Windows 2008R2 Enterprise CA doesnt work on a Exchange2010 Certificate Request

Hello
i built a new CA into my domain. I can provide User and Webserver-Certificates, and they work. But now i try to create a new certificate for my Exchange 2010. I created a new request whith the wizard in Exchange2010 and transfered the txt-file to the DC where the CA is located. When i open the CA, i can see all my recently issued certificates. But now, I try to submit a new request, whith the created txt-file attached, and ... nothing happens. There is no error, no dialog and no error into the event-log, - nothing happens. I canot see any changes into the CA-Folders, no pending request ... nothing.

Can you tell me, how i can create the nessecery .cer file to complete the pending request on exchange 2010?

thanks
Rene
0
realnanuk
Asked:
realnanuk
1 Solution
 
e_aravindCommented:
not sure about the error.
a) we use web-request method https:\\ca-servername\certsrv to get the cer
b)Using MMC, certmgr, request new certificate
0
 
realnanukAuthor Commented:
a) i allready requestet a Webserver-cer, and that worked for IIS, but i cannot add my .txt request
b) when i open the mmc i can see my created server cer, but that doesnt help me, because i cannot export them i a needed form, i can export them, but that doesnt work for exchange. whe i try to import a cer into exchange, he asked me for a .pfx or p12 file, i dont have that, or dont know how to create a .pfx
0
 
realnanukAuthor Commented:
Another problem could be, that i cannot set the flag "Mark keys as exportable" on the ca website
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
hatkindCommented:
Try use EMS and command New-ExchangeCertificate

For example:

New-ExchangeCertificate -GenerateRequest -DomainName domain.com -SubjectName "c=COM, o=Own Organisation, cn=mx1.domain.com" -Friendlyname "Certificate for Exchange" -PrivateKeyExportable $true

Then go to your Webserver-cer, Select a task: Request a certificate ->advanced certificate request ->Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

and past here Saved Request (you get it from EMS) and select Certificate Template as Web-Server

After this submit your sertificate in EMC.

Also you can export this certificate becouse we used -PrivateKeyExportable $true in New-ExchangeCertificate  

0
 
realnanukAuthor Commented:
genius

I only sumitted the new request by choosing "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" Then I was able to finalize the cert request on exchange 2010.

thanks a lot
0
 
mpilarczykCommented:
Use IIS7 to request web certificate from your online authority. Then export certificate to pfx and import to Exchange.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now