We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

can't import SSL cert because it exists. can't enable it because it's not found!

MH-Administrator
on
Medium Priority
2,412 Views
Last Modified: 2012-05-11
I imported the SSL cert last week, but forgot to apply it to the pop connector. When I ran the exact same command to apply to pop as well, I receive this error:

[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Thumbprint 1234567890 -Services "POP, IMAP"
Enable-ExchangeCertificate : The certificate with thumbprint 1234567890 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 1234567890 -Services "POP, IMAP"

When I try to import the cert I get this error:

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1234567890.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Comment
Watch Question

Better you hit below command in exchange management shell and check for the existing thumbprint :
Get-ExchangeCertificate
If above command displays the same thubmprint then delete the thumbprint by using below command
Remove-ExchangeCertificate -Thumbprint "the thumbprint number without quote"
After deleting this you'll need to check the certificate console for the same certificate and have to delete from here also and then make a new certificate request and rechain your certificate and install using the same command that you was using.
The resion is your exchange already have a certificate on which all IMAP,POP, MAPI and other services are assigned, so you have to remove that certificate first and then need to go through a new certificate request and installation process.

Author

Commented:
I get what you are saying, but I just requested this cert on Monday and installed the cert Monday night. IIS and SMTP are working fine.

When I run "Get-ExchangeCertificate | fl thumbprint, subject", I see two certs, neither have the thumbprint that I imported and am currently using for IIS and SMTP. Something is wonky. Without a current and valid cert, how could people connect to OWA on m server?! OWA works fine somehow.

Author

Commented:
Does the thumbprint change somehow after I get it back from the cert authority? is so, then this could be easily explained.
Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.