Solved

Windows 2008R2 Enterprise CA doesnt work on a Exchange2010 Certificate Request

Posted on 2010-11-11
6
1,680 Views
Last Modified: 2012-05-10
Hello
i built a new CA into my domain. I can provide User and Webserver-Certificates, and they work. But now i try to create a new certificate for my Exchange 2010. I created a new request whith the wizard in Exchange2010 and transfered the txt-file to the DC where the CA is located. When i open the CA, i can see all my recently issued certificates. But now, I try to submit a new request, whith the created txt-file attached, and ... nothing happens. There is no error, no dialog and no error into the event-log, - nothing happens. I canot see any changes into the CA-Folders, no pending request ... nothing.

Can you tell me, how i can create the nessecery .cer file to complete the pending request on exchange 2010?

thanks
Rene
0
Comment
Question by:realnanuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 26

Expert Comment

by:e_aravind
ID: 34118027
not sure about the error.
a) we use web-request method https:\\ca-servername\certsrv to get the cer
b)Using MMC, certmgr, request new certificate
0
 

Author Comment

by:realnanuk
ID: 34118053
a) i allready requestet a Webserver-cer, and that worked for IIS, but i cannot add my .txt request
b) when i open the mmc i can see my created server cer, but that doesnt help me, because i cannot export them i a needed form, i can export them, but that doesnt work for exchange. whe i try to import a cer into exchange, he asked me for a .pfx or p12 file, i dont have that, or dont know how to create a .pfx
0
 

Author Comment

by:realnanuk
ID: 34118078
Another problem could be, that i cannot set the flag "Mark keys as exportable" on the ca website
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Accepted Solution

by:
hatkind earned 250 total points
ID: 34118209
Try use EMS and command New-ExchangeCertificate

For example:

New-ExchangeCertificate -GenerateRequest -DomainName domain.com -SubjectName "c=COM, o=Own Organisation, cn=mx1.domain.com" -Friendlyname "Certificate for Exchange" -PrivateKeyExportable $true

Then go to your Webserver-cer, Select a task: Request a certificate ->advanced certificate request ->Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

and past here Saved Request (you get it from EMS) and select Certificate Template as Web-Server

After this submit your sertificate in EMC.

Also you can export this certificate becouse we used -PrivateKeyExportable $true in New-ExchangeCertificate  

0
 

Author Comment

by:realnanuk
ID: 34118348
genius

I only sumitted the new request by choosing "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" Then I was able to finalize the cert request on exchange 2010.

thanks a lot
0
 
LVL 3

Expert Comment

by:mpilarczyk
ID: 35297015
Use IIS7 to request web certificate from your online authority. Then export certificate to pfx and import to Exchange.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Journaling 2 15
Exchange 2010 CAS array Load Balancing. 7 59
Multiple Calendars on iOS devices? 9 41
Ransomware case 23 106
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question