Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2007 Enable-ExchangeCertificate PrivateKeyMissing SSL Certificate

Posted on 2011-03-21
4
Medium Priority
?
1,251 Views
Last Modified: 2012-08-13
We have an Exchange 2007 server with SP3, on Windows Server 2008 R2. Currently, it has SSL servertificate from GoDaddy for Outlook web mail, and the SSL SAN doesn't include autodiscover. I'm trying to add autodiscover to the SAN. Talked to GoDaddy support and was told to just add the autodiscover to the SAN, and it generated another certificate. Followed the instruction http://community.godaddy.com/help/article/4877?locale=en to install the certificate. At the last step, Enable-ExchangeCertificate, I got error:

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint FD5058D6AD58AA4C53054981C399B36EE64E33A0 -Services "SMTP, POP, IMAP, IIS"
Enable-ExchangeCertificate : The certificate with thumbprint FD5058D6AD58AA4C53054981C399B36EE64E33A0 was found but is not valid for use with Exchange Server (reaso
n: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<<  -Thumbprint FD5058D6AD58AA4C53054981C399B36EE64E33A0 -Services "SMTP, POP, IMAP, IIS"
    + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate], CertificateNotValidForExchangeException
    + FullyQualifiedErrorId : F2791AD5,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate

Called GoDaddy again, and they said that I should remove the current certificate from the server, generate a certificate signing request, re-key the certificate, and install the certifcate again on ther server.

I don't want to interrupt the usage for the web mail at the time right now. Is there a way to do that?

Also, when i ran Get-ExchangeCertificate, it returned "IP, WS" as services. What do they stand for?

[PS] C:\Windows\system32>get-exchangecertificate

Thumbprint                                Services  
----------                                --------  
CAC9E02A6E4AA0560F514F4B2CC72BD42252AA06  IP.WS    

I appreciate your help.
0
Comment
Question by:stillsyra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 35184607
the only way to do it is what godaddy told you

1) generate a new csr
2) issue the certificate from godaddy
3) import it in exchange
4) enble it for the services

there will be no interruption for your users


IP WS Imap  POP3 IIS SMTP
0
 

Author Comment

by:stillsyra
ID: 35184780
Thanks for the quick reply Akhater. Just want to be clear, do I need to remove the current SSL first? If so, will there be any interruption for users? Thanks!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35184792
no you don't need to remove the current, just create a new request and rekey it at go daddy

download the new and import it in exchange

then enable the new one for the services no one will be stopped
0
 

Author Comment

by:stillsyra
ID: 35185174
I just import and enabled the new certificate successfully. Thanks Akhater for your help.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question