Go Premium for a chance to win a PS4. Enter to Win


Trouble installing SSL certificate for Exchange 2007

Posted on 2011-02-26
Medium Priority
Last Modified: 2012-05-11
My security cert is about to expire, and I renewed it with the same company, Go Daddy.  I selected to renew it with the same information since none of our servers had changed.  I downloaded the zip file containing the p7b and the crt, but ran into a problem when I tried to import it.
In power shell I ran

Import-ExchangeCertificate -path C:\2011_mail.ounceofprevention.org\gd_iis_intermediates.p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP

That generated an error Import-ExchangeCertificate : The source data cannot be imported or the wrong password was specified.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -path C:\2011_mail.ounceofprevention.org\gd_
iis_intermediates.p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS

I did find
but when I go to add the snap in it tells me to select for:
my account
service account
computer account

I'm not sure what to select.  after that it says to run
certutil -repairstore my "SerialNumber"
is that in a normal command prompt or in Power Shell?

Question by:nohman27

Expert Comment

ID: 34987036
don't forget the "" "POP, IMAP, IIS, SMTP"
To check your certificate
Get-ExchangeCertificate | fl

Open in new window

take a look to that's article:
LVL 17

Expert Comment

by:Viral Rathod
ID: 34987067
LVL 49

Expert Comment

ID: 34987118
Nop what you are doing is wrong

1. gd_iis_intermediates.p7b is the intermediate certificates of GoDaddy it is not the one you should import using import-exchangecertificate

2. In exchange 2007 there is nothing called renew you will need to do the process again -> generate a csr on your exchange server -> go to godaddy rekey your certificate using the new csr -> and then import and enable

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 34987155
I tried the Go Daddy instructions, but got
Enable-ExchangeCertificate -Thumbprint[mythumbprint] -Service[mythumbprint] was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint [mythumbprint] -Services "IMAP, POP, UM, IIS, SMTP"

Author Comment

ID: 34987161
I have to start the process over?  like run
New-ExchangeCertificate etc...
and buy a new cert?
LVL 49

Expert Comment

ID: 34987168
on the exchange you will need to do the process again yes like new-exchangecertificate etc...

On godaddy no need to buy a new one just  rekey the one you have just bought/renewed it is free of charge

download from godaddy the new .cer file (NOT the p7b) and import-exchangecertificate .....cer | enable-exchangecertificate

Author Comment

ID: 34987252
I'm still getting an error.  This time it is telling me that my thumbprint isn't correct.

This is what I ran in Powershell

[PS] C:\Documents and Settings\user>
[PS] C:\Documents and Settings\user>New-ExchangeCertificate -DomainName mail
.domain.org, www.mail.mydomain.org, mail1.mydomain.
org, , autodiscover.mydomain.org -FriendlyName mymailcert -GenerateRequest:$True -Keysize 20
48 -path c:\certreq.req -privatekeyExportable:$true -subjectName "c=us
, o=my org, CN=mail.mydomain.org"

Thumbprint                                Services   Subject
----------                                --------   -------
C7mythumbprintC7  .....      CN=mail.mydomai...

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -path C:\mail
[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Services "IM

cmdlet Enable-ExchangeCertificate at command pipeline position 1
Supply values for the following parameters:
Thumbprint: C7mythumbprintC7
Enable-ExchangeCertificate : The certificate with thumbprint C7mythumbprintC7 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Services "IMAP, POP, UM, IIS, SMTP"

LVL 49

Accepted Solution

Akhater earned 2000 total points
ID: 34987259
ok when you importoed the .crt file you didn't geet any errors right ?

in that case please issue now a get-exchangecertificate command you will have a thumbprint (usually the first one) with the new subject you have just requested and not assigned to any service copy THIS thumbprint and do a

enable-exchangecertificate ThumbPrintCopied -services IIS

it is NOT the same thumbprint you got when you created your request

Author Closing Comment

ID: 34987288
Thank you so much that got it installed.
LVL 49

Expert Comment

ID: 34987292
glad to know it is working for you !

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question