Learn how to a build a cloud-first strategyRegister Now


can't import SSL cert because it exists. can't enable it because it's not found!

Posted on 2011-04-21
Medium Priority
Last Modified: 2012-05-11
I imported the SSL cert last week, but forgot to apply it to the pop connector. When I ran the exact same command to apply to pop as well, I receive this error:

[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Thumbprint 1234567890 -Services "POP, IMAP"
Enable-ExchangeCertificate : The certificate with thumbprint 1234567890 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 1234567890 -Services "POP, IMAP"

When I try to import the cert I get this error:

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1234567890.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Question by:MH-Administrator
  • 2
  • 2
LVL 10

Expert Comment

ID: 35441437
Better you hit below command in exchange management shell and check for the existing thumbprint :
If above command displays the same thubmprint then delete the thumbprint by using below command
Remove-ExchangeCertificate -Thumbprint "the thumbprint number without quote"
After deleting this you'll need to check the certificate console for the same certificate and have to delete from here also and then make a new certificate request and rechain your certificate and install using the same command that you was using.
LVL 10

Expert Comment

ID: 35441450
The resion is your exchange already have a certificate on which all IMAP,POP, MAPI and other services are assigned, so you have to remove that certificate first and then need to go through a new certificate request and installation process.

Author Comment

ID: 35441635
I get what you are saying, but I just requested this cert on Monday and installed the cert Monday night. IIS and SMTP are working fine.

When I run "Get-ExchangeCertificate | fl thumbprint, subject", I see two certs, neither have the thumbprint that I imported and am currently using for IIS and SMTP. Something is wonky. Without a current and valid cert, how could people connect to OWA on m server?! OWA works fine somehow.

Author Comment

ID: 35441653
Does the thumbprint change somehow after I get it back from the cert authority? is so, then this could be easily explained.
LVL 58

Accepted Solution

tigermatt earned 2000 total points
ID: 35441790

I've seen this before. Fire up Start > Run > mmc, File, Add Snap-in, Certificates, Computer Account. Look under "Personal" and I suspect you may find the certificate there. You can't import the certificate again because it already exists for the computer account (even though, for Exchange purposes, it cannot see it).

I usually get around this by creating a new, identical certificate request via the Exchange Management Console, then ask your CA to have the certificate re-keyed with this new CSR. I use GoDaddy who are very good and immediately supply a new certificate. Import the new one to Exchange in the usual manner, assign services, test and verify the new one is now active, then use the mmc console to remove traces of the old one from the Computer account.


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question