
can't import SSL cert because it exists. can't enable it because it's not found!

I imported the SSL cert last week, but forgot to apply it to the pop connector. When I ran the exact same command to apply to pop as well, I receive this error:

[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Thumbprint 1234567890 -Services "POP, IMAP"
Enable-ExchangeCertificate : The certificate with thumbprint 1234567890 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 1234567890 -Services "POP, IMAP"

When I try to import the cert I get this error:

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1234567890.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Asked by: MH-Administrator

abhijitmdp Commented:
It is better to run the command below in the Exchange Management Shell and check for the existing thumbprint:
Get-ExchangeCertificate
If the above command displays the same thumbprint, then delete the thumbprint by using the command below:
Remove-ExchangeCertificate -Thumbprint "the thumbprint number without quote"
After deleting this you'll need to check the certificate console for the same certificate and delete it from there as well, then make a new certificate request, rechain your certificate and install it using the same command that you were using.

abhijitmdp Commented:
The reason is that your Exchange already has a certificate to which all IMAP, POP, MAPI and other services are assigned, so you have to remove that certificate first and then go through a new certificate request and installation process.

MH-Administrator (Author) Commented:
I get what you are saying, but I just requested this cert on Monday and installed the cert Monday night. IIS and SMTP are working fine.

When I run "Get-ExchangeCertificate | fl thumbprint, subject", I see two certs, neither of which has the thumbprint that I imported and am currently using for IIS and SMTP. Something is wonky. Without a current and valid cert, how could people connect to OWA on my server?! OWA works fine somehow.

MH-Administrator (Author) Commented:
Does the thumbprint change somehow after I get it back from the cert authority? If so, then this could be easily explained.

tigermatt Commented:

I've seen this before. Fire up Start > Run > mmc, File, Add Snap-in, Certificates, Computer Account. Look under "Personal" and I suspect you may find the certificate there. You can't import the certificate again because it already exists for the computer account (even though, for Exchange purposes, it cannot see it).

I usually get around this by creating a new, identical certificate request via the Exchange Management Console, then ask your CA to have the certificate re-keyed with this new CSR. I use GoDaddy who are very good and immediately supply a new certificate. Import the new one to Exchange in the usual manner, assign services, test and verify the new one is now active, then use the mmc console to remove traces of the old one from the Computer account.

-Matt
Question has a verified solution.
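
A read-only check that compares the computer account's Personal store with what Exchange reports, the same comparison the accepted answer makes through the mmc snap-in. This is an added example, not part of the thread: the `$target` value is a placeholder, and the HasPrivateKey column is included on the assumption that a certificate stored without its private key is one reason Exchange would not list it.

```powershell
# Added example (not from the thread). Read-only; run in the Exchange Management Shell.
# Placeholder: replace with the thumbprint quoted in the error message.
$target = '<THUMBPRINT-FROM-ERROR>'

# Everything in the computer account's Personal store (what the mmc snap-in shows).
$storeCerts = @(Get-ChildItem Cert:\LocalMachine\My)

# Certificates and service assignments as Exchange itself reports them.
$exchangeCerts = @(Get-ExchangeCertificate)
$exchangeThumbprints = @($exchangeCerts | ForEach-Object { $_.Thumbprint })

# Side-by-side view: which store entries Exchange can see, and whether each has a private key.
$storeCerts |
    Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey,
        @{ Name = 'VisibleToExchange'
           Expression = { $exchangeThumbprints -contains $_.Thumbprint } } |
    Sort-Object VisibleToExchange, NotAfter |
    Format-Table -AutoSize

# Which services each Exchange-visible certificate is currently bound to.
$exchangeCerts | Format-List Thumbprint, Subject, Services

# Verdict for the certificate named in the error.
$match = @($storeCerts | Where-Object { $_.Thumbprint -eq $target })
if ($match.Count -eq 0) {
    Write-Host "Not in LocalMachine\My: $target"
} elseif ($exchangeThumbprints -contains $target) {
    Write-Host "In the store and listed by Exchange: $target"
} else {
    $hasKey = $match[0].HasPrivateKey
    Write-Host "In the store but not listed by Exchange: $target (HasPrivateKey = $hasKey)"
}
```

Running this before and after replacing a certificate also confirms which thumbprint carries the IIS, SMTP, POP and IMAP assignments before the old entry is removed from the store.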