Solved

Windows 2008R2 Enterprise CA doesnt work on a Exchange2010 Certificate Request

Posted on 2010-11-11
6
1,677 Views
Last Modified: 2012-05-10
Hello
i built a new CA into my domain. I can provide User and Webserver-Certificates, and they work. But now i try to create a new certificate for my Exchange 2010. I created a new request whith the wizard in Exchange2010 and transfered the txt-file to the DC where the CA is located. When i open the CA, i can see all my recently issued certificates. But now, I try to submit a new request, whith the created txt-file attached, and ... nothing happens. There is no error, no dialog and no error into the event-log, - nothing happens. I canot see any changes into the CA-Folders, no pending request ... nothing.

Can you tell me, how i can create the nessecery .cer file to complete the pending request on exchange 2010?

thanks
Rene
0
Comment
Question by:realnanuk
6 Comments
 
LVL 26

Expert Comment

by:e_aravind
ID: 34118027
not sure about the error.
a) we use web-request method https:\\ca-servername\certsrv to get the cer
b)Using MMC, certmgr, request new certificate
0
 

Author Comment

by:realnanuk
ID: 34118053
a) i allready requestet a Webserver-cer, and that worked for IIS, but i cannot add my .txt request
b) when i open the mmc i can see my created server cer, but that doesnt help me, because i cannot export them i a needed form, i can export them, but that doesnt work for exchange. whe i try to import a cer into exchange, he asked me for a .pfx or p12 file, i dont have that, or dont know how to create a .pfx
0
 

Author Comment

by:realnanuk
ID: 34118078
Another problem could be, that i cannot set the flag "Mark keys as exportable" on the ca website
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 2

Accepted Solution

by:
hatkind earned 250 total points
ID: 34118209
Try use EMS and command New-ExchangeCertificate

For example:

New-ExchangeCertificate -GenerateRequest -DomainName domain.com -SubjectName "c=COM, o=Own Organisation, cn=mx1.domain.com" -Friendlyname "Certificate for Exchange" -PrivateKeyExportable $true

Then go to your Webserver-cer, Select a task: Request a certificate ->advanced certificate request ->Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

and past here Saved Request (you get it from EMS) and select Certificate Template as Web-Server

After this submit your sertificate in EMC.

Also you can export this certificate becouse we used -PrivateKeyExportable $true in New-ExchangeCertificate  

0
 

Author Comment

by:realnanuk
ID: 34118348
genius

I only sumitted the new request by choosing "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" Then I was able to finalize the cert request on exchange 2010.

thanks a lot
0
 
LVL 3

Expert Comment

by:mpilarczyk
ID: 35297015
Use IIS7 to request web certificate from your online authority. Then export certificate to pfx and import to Exchange.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question