Trouble installing SSL certificate for Exchange 2007

Posted on 2011-02-26
Last Modified: 2012-05-11
My security cert is about to expire, and I renewed it with the same company, Go Daddy.  I selected to renew it with the same information since none of our servers had changed.  I downloaded the zip file containing the p7b and the crt, but ran into a problem when I tried to import it.
In power shell I ran

Import-ExchangeCertificate -path C:\\gd_iis_intermediates.p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP

That generated an error Import-ExchangeCertificate : The source data cannot be imported or the wrong password was specified.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -path C:\\gd_
iis_intermediates.p7b | Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS

I did find
but when I go to add the snap in it tells me to select for:
my account
service account
computer account

I'm not sure what to select.  after that it says to run
certutil -repairstore my "SerialNumber"
is that in a normal command prompt or in Power Shell?

Question by:nohman27
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 34987036
don't forget the "" "POP, IMAP, IIS, SMTP"
To check your certificate
Get-ExchangeCertificate | fl

Open in new window

take a look to that's article:
LVL 17

Expert Comment

by:Viral Rathod
ID: 34987067
LVL 49

Expert Comment

ID: 34987118
Nop what you are doing is wrong

1. gd_iis_intermediates.p7b is the intermediate certificates of GoDaddy it is not the one you should import using import-exchangecertificate

2. In exchange 2007 there is nothing called renew you will need to do the process again -> generate a csr on your exchange server -> go to godaddy rekey your certificate using the new csr -> and then import and enable

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 34987155
I tried the Go Daddy instructions, but got
Enable-ExchangeCertificate -Thumbprint[mythumbprint] -Service[mythumbprint] was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint [mythumbprint] -Services "IMAP, POP, UM, IIS, SMTP"

Author Comment

ID: 34987161
I have to start the process over?  like run
New-ExchangeCertificate etc...
and buy a new cert?
LVL 49

Expert Comment

ID: 34987168
on the exchange you will need to do the process again yes like new-exchangecertificate etc...

On godaddy no need to buy a new one just  rekey the one you have just bought/renewed it is free of charge

download from godaddy the new .cer file (NOT the p7b) and import-exchangecertificate .....cer | enable-exchangecertificate

Author Comment

ID: 34987252
I'm still getting an error.  This time it is telling me that my thumbprint isn't correct.

This is what I ran in Powershell

[PS] C:\Documents and Settings\user>
[PS] C:\Documents and Settings\user>New-ExchangeCertificate -DomainName mail,, mail1.mydomain.
org, , -FriendlyName mymailcert -GenerateRequest:$True -Keysize 20
48 -path c:\certreq.req -privatekeyExportable:$true -subjectName "c=us
, o=my org,"

Thumbprint                                Services   Subject
----------                                --------   -------
C7mythumbprintC7  .....      CN=mail.mydomai...

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -path C:\mail
[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Services "IM

cmdlet Enable-ExchangeCertificate at command pipeline position 1
Supply values for the following parameters:
Thumbprint: C7mythumbprintC7
Enable-ExchangeCertificate : The certificate with thumbprint C7mythumbprintC7 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Services "IMAP, POP, UM, IIS, SMTP"

LVL 49

Accepted Solution

Akhater earned 500 total points
ID: 34987259
ok when you importoed the .crt file you didn't geet any errors right ?

in that case please issue now a get-exchangecertificate command you will have a thumbprint (usually the first one) with the new subject you have just requested and not assigned to any service copy THIS thumbprint and do a

enable-exchangecertificate ThumbPrintCopied -services IIS

it is NOT the same thumbprint you got when you created your request

Author Closing Comment

ID: 34987288
Thank you so much that got it installed.
LVL 49

Expert Comment

ID: 34987292
glad to know it is working for you !

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question