nohman27
asked on
Trouble installing SSL certificate for Exchange 2007
My security cert is about to expire, and I renewed it with the same company, Go Daddy. I selected to renew it with the same information since none of our servers had changed. I downloaded the zip file containing the p7b and the crt, but ran into a problem when I tried to import it.
In power shell I ran
Import-ExchangeCertificate -path C:\2011_mail.ounceofpreven tion.org\g d_iis_inte rmediates. p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP
That generated an error Import-ExchangeCertificate : The source data cannot be imported or the wrong password was specified.
At line:1 char:27
+ Import-ExchangeCertificate <<<< -path C:\2011_mail.ounceofpreven tion.org\g d_
iis_intermediates.p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS
, SMTP
I did find
http://technet.microsoft.com/en-us/library/cc535024(EXCHG.80).aspx
but when I go to add the snap in it tells me to select for:
my account
service account
computer account
I'm not sure what to select. after that it says to run
certutil -repairstore my "SerialNumber"
is that in a normal command prompt or in Power Shell?
In power shell I ran
Import-ExchangeCertificate
That generated an error Import-ExchangeCertificate
At line:1 char:27
+ Import-ExchangeCertificate
iis_intermediates.p7b | Enable-ExchangeCertificate
, SMTP
I did find
http://technet.microsoft.com/en-us/library/cc535024(EXCHG.80).aspx
but when I go to add the snap in it tells me to select for:
my account
service account
computer account
I'm not sure what to select. after that it says to run
certutil -repairstore my "SerialNumber"
is that in a normal command prompt or in Power Shell?
Nop what you are doing is wrong
1. gd_iis_intermediates.p7b is the intermediate certificates of GoDaddy it is not the one you should import using import-exchangecertificate
2. In exchange 2007 there is nothing called renew you will need to do the process again -> generate a csr on your exchange server -> go to godaddy rekey your certificate using the new csr -> and then import and enable
1. gd_iis_intermediates.p7b is the intermediate certificates of GoDaddy it is not the one you should import using import-exchangecertificate
2. In exchange 2007 there is nothing called renew you will need to do the process again -> generate a csr on your exchange server -> go to godaddy rekey your certificate using the new csr -> and then import and enable
ASKER
I tried the Go Daddy instructions, but got
[PS]
Enable-ExchangeCertificate -Thumbprint[mythumbprint] -Service[mythumbprint] was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint [mythumbprint] -Services "IMAP, POP, UM, IIS, SMTP"
[PS]
Enable-ExchangeCertificate
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate
ASKER
I have to start the process over? like run
New-ExchangeCertificate etc...
and buy a new cert?
New-ExchangeCertificate etc...
and buy a new cert?
on the exchange you will need to do the process again yes like new-exchangecertificate etc...
On godaddy no need to buy a new one just rekey the one you have just bought/renewed it is free of charge
download from godaddy the new .cer file (NOT the p7b) and import-exchangecertificate .....cer | enable-exchangecertificate
On godaddy no need to buy a new one just rekey the one you have just bought/renewed it is free of charge
download from godaddy the new .cer file (NOT the p7b) and import-exchangecertificate
ASKER
I'm still getting an error. This time it is telling me that my thumbprint isn't correct.
This is what I ran in Powershell
[PS] C:\Documents and Settings\user>
[PS] C:\Documents and Settings\user>New-Exchange Certificat e -DomainName mail
.domain.org, www.mail.mydomain.org, mail1.mydomain.
org, , autodiscover.mydomain.org -FriendlyName mymailcert -GenerateRequest:$True -Keysize 20
48 -path c:\certreq.req -privatekeyExportable:$tru e -subjectName "c=us
, o=my org, CN=mail.mydomain.org"
Thumbprint Services Subject
---------- -------- -------
C7mythumbprintC7 ..... CN=mail.mydomai...
[PS] C:\Documents and Settings\user>Import-Excha ngeCertifi cate -path C:\mail
.mydomain.org2048\mail.myd omain.org. crt
[PS] C:\Documents and Settings\user>Enable-Excha ngeCertifi cate -Services "IM
AP, POP, UM, IIS, SMTP"
cmdlet Enable-ExchangeCertificate at command pipeline position 1
Supply values for the following parameters:
Thumbprint: C7mythumbprintC7
Enable-ExchangeCertificate : The certificate with thumbprint C7mythumbprintC7 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Services "IMAP, POP, UM, IIS, SMTP"
This is what I ran in Powershell
[PS] C:\Documents and Settings\user>
[PS] C:\Documents and Settings\user>New-Exchange
.domain.org, www.mail.mydomain.org, mail1.mydomain.
org, , autodiscover.mydomain.org -FriendlyName mymailcert -GenerateRequest:$True -Keysize 20
48 -path c:\certreq.req -privatekeyExportable:$tru
, o=my org, CN=mail.mydomain.org"
Thumbprint Services Subject
---------- -------- -------
C7mythumbprintC7 ..... CN=mail.mydomai...
[PS] C:\Documents and Settings\user>Import-Excha
.mydomain.org2048\mail.myd
[PS] C:\Documents and Settings\user>Enable-Excha
AP, POP, UM, IIS, SMTP"
cmdlet Enable-ExchangeCertificate
Supply values for the following parameters:
Thumbprint: C7mythumbprintC7
Enable-ExchangeCertificate
At line:1 char:27
+ Enable-ExchangeCertificate
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much that got it installed.
glad to know it is working for you !
To check your certificate
Open in new window
take a look to that's article:
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4464-Creating-Installing-Enabling-and-Configuring-Exchange-2007-and-Exchange-2010-Certificates.html?sfQueryTermInfo=1+30+certif+exchang