We help IT Professionals succeed at work.

Importing a Wildcard Cert on Exchange 2010

marrun1972
marrun1972 asked
on
2,800 Views
Last Modified: 2012-05-10
I have setup an Exchange 2010 server and I have a wildcard cert i would like to import. I have downloaded the cert from our GoDaddy account and I would now like to import.

When I go to import the signed cert it is asking for a PFK file but that is not included from my godaddy download. The cert was originally created from a Linux system and then submitted to godaddy to be signed.

When I have installed certs on a windows system in the past it has been fairly simple but I have always generated the cert from the windows system, which meant was the cert got signed from the provider the request was waiting on the windows server.

How do I import the signed wildcard cert without creating the request on the windows server?
Comment
Watch Question

You need the private key from the linux system, the wildcard certificate (which should be in PEM format), the password for the private key, and a copy of OpenSSL (you can download OpenSSL for windows here: http://www.slproweb.com/download/Win32OpenSSL-1_0_0c.exe).

This is the openSSL command you will be using. you will be prompted for the private key password before conversion:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt


Further possible OpenSSL commands:
http://expertsxchange.blogspot.com/2009/06/openssl-commands-to-convert-ssl.html


Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
Why not just generate the certificate in the Exchange Management Shell if you've already purchased the certificate? Why the generation from Linux? Was it cheaper this way or something?

You should be able to export the file you need from openssl on the Linux machine but I'm still not sure if this is going to work.

Author

Commented:
Renazones - The cert was created and signed a while ago for another purpose which was hosted on a linux server. I know want to import that same cert onto a WIndows system without having to buy it again.

Author

Commented:
I will be giving the above instructions a go now and will let you know how I get on...
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
Godaddy will allow you to rekey the cert as long as the principle name stays the same. So, you can generate your certificate request from your Exchange server and go to the Godaddy control panel and rekey the cert for your purposes with no trouble.

Author

Commented:
OK, so maybe I havent given you all the information. My knowledge about this stuff is nil to zero.

I have:

1 CSR File sent to Godaddy on the original request
2. KEY file private key
3. The Godaddy downloaded signed cert which is a CRT file...

So, I dont have a PEM. Is there a way to do this?

If no, should I create a new wildcard cert on exchange? If I do this will I be able to import into other windows servers easily?
Britt ThompsonSr. Systems Engineer
Top Expert 2009
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
The crt file is the PEM
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
This worked:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt because it created my pfx which I could then install.

The re-key would have worked but was nervous since the original was still being used on some Linux servers so will distribute the points.

Thank you both for helping me, its greatly appreciated

Author

Commented:
Great, really helped.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions