stillsyra
asked on
Exchange 2007 Enable-ExchangeCertificate PrivateKeyMissing SSL Certificate
We have an Exchange 2007 server with SP3, on Windows Server 2008 R2. Currently, it has SSL servertificate from GoDaddy for Outlook web mail, and the SSL SAN doesn't include autodiscover. I'm trying to add autodiscover to the SAN. Talked to GoDaddy support and was told to just add the autodiscover to the SAN, and it generated another certificate. Followed the instruction http://community.godaddy.com/help/article/4877?locale=en to install the certificate. At the last step, Enable-ExchangeCertificate , I got error:
[PS] C:\Windows\system32>Enable -ExchangeC ertificate -Thumbprint FD5058D6AD58AA4C53054981C3 99B36EE64E 33A0 -Services "SMTP, POP, IMAP, IIS"
Enable-ExchangeCertificate : The certificate with thumbprint FD5058D6AD58AA4C53054981C3 99B36EE64E 33A0 was found but is not valid for use with Exchange Server (reaso
n: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint FD5058D6AD58AA4C53054981C3 99B36EE64E 33A0 -Services "SMTP, POP, IMAP, IIS"
+ CategoryInfo : NotSpecified: (:) [Enable-ExchangeCertificat e], CertificateNotValidForExch angeExcept ion
+ FullyQualifiedErrorId : F2791AD5,Microsoft.Exchang e.Manageme nt.SystemC onfigurati onTasks.En ableExchan geCertific ate
Called GoDaddy again, and they said that I should remove the current certificate from the server, generate a certificate signing request, re-key the certificate, and install the certifcate again on ther server.
I don't want to interrupt the usage for the web mail at the time right now. Is there a way to do that?
Also, when i ran Get-ExchangeCertificate, it returned "IP, WS" as services. What do they stand for?
[PS] C:\Windows\system32>get-ex changecert ificate
Thumbprint Services
---------- --------
CAC9E02A6E4AA0560F514F4B2C C72BD42252 AA06 IP.WS
I appreciate your help.
[PS] C:\Windows\system32>Enable
Enable-ExchangeCertificate
n: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate
+ CategoryInfo : NotSpecified: (:) [Enable-ExchangeCertificat
+ FullyQualifiedErrorId : F2791AD5,Microsoft.Exchang
Called GoDaddy again, and they said that I should remove the current certificate from the server, generate a certificate signing request, re-key the certificate, and install the certifcate again on ther server.
I don't want to interrupt the usage for the web mail at the time right now. Is there a way to do that?
Also, when i ran Get-ExchangeCertificate, it returned "IP, WS" as services. What do they stand for?
[PS] C:\Windows\system32>get-ex
Thumbprint Services
---------- --------
CAC9E02A6E4AA0560F514F4B2C
I appreciate your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
no you don't need to remove the current, just create a new request and rekey it at go daddy
download the new and import it in exchange
then enable the new one for the services no one will be stopped
download the new and import it in exchange
then enable the new one for the services no one will be stopped
ASKER
I just import and enabled the new certificate successfully. Thanks Akhater for your help.
ASKER