can't import SSL cert because it exists. can't enable it because it's not found!

Posted on 2011-04-21
Last Modified: 2012-05-11
I imported the SSL cert last week, but forgot to apply it to the pop connector. When I ran the exact same command to apply to pop as well, I receive this error:

[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Thumbprint 1234567890 -Services "POP, IMAP"
Enable-ExchangeCertificate : The certificate with thumbprint 1234567890 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 1234567890 -Services "POP, IMAP"

When I try to import the cert I get this error:

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -Path "C:\Documents and Settings\user\Desktop\\" -friendlyname
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1234567890.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path "C:\Documents and Settings\user\Desktop\\" -friendlyname
Question by:MH-Administrator
    LVL 10

    Expert Comment

    Better you run the below command in the Exchange Management Shell and check for the existing thumbprint:
    If the above command displays the same thumbprint, then delete the thumbprint by using the below command:
    Remove-ExchangeCertificate -Thumbprint "the thumbprint number without quote"
    After deleting this you'll need to check the certificate console for the same certificate and delete it from there also, then make a new certificate request, rechain your certificate and install it using the same command that you were using.
    LVL 10

    Expert Comment

    The reason is your Exchange already has a certificate on which all IMAP, POP, MAPI and other services are assigned, so you have to remove that certificate first and then go through a new certificate request and installation process.

    Author Comment

    I get what you are saying, but I just requested this cert on Monday and installed the cert Monday night. IIS and SMTP are working fine.

    When I run "Get-ExchangeCertificate | fl thumbprint, subject", I see two certs, neither has the thumbprint that I imported and am currently using for IIS and SMTP. Something is wonky. Without a current and valid cert, how could people connect to OWA on my server?! OWA works fine somehow.

    Author Comment

    Does the thumbprint change somehow after I get it back from the cert authority? If so, then this could be easily explained.
    LVL 58

    Accepted Solution


    I've seen this before. Fire up Start > Run > mmc, File, Add Snap-in, Certificates, Computer Account. Look under "Personal" and I suspect you may find the certificate there. You can't import the certificate again because it already exists for the computer account (even though, for Exchange purposes, it cannot see it).

    I usually get around this by creating a new, identical certificate request via the Exchange Management Console, then ask your CA to have the certificate re-keyed with this new CSR. I use GoDaddy who are very good and immediately supply a new certificate. Import the new one to Exchange in the usual manner, assign services, test and verify the new one is now active, then use the mmc console to remove traces of the old one from the Computer account.
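
The mismatch described in the accepted solution (certificate present in the Computer account's Personal store but not listed by Exchange) can be checked from the shell before re-keying. This is an added example, not part of the original thread; the thumbprint is the placeholder value from the question, and the variable names and the `SeenByExchange` column are made up for illustration.

```powershell
# Run in the Exchange Management Shell on the Exchange server.
# Placeholder thumbprint from the question; replace with the real one.
$thumbprint = '1234567890'

# Thumbprints copied from the mmc details pane often carry spaces and
# lower-case hex; the certificate store reports them upper-case, no spaces.
$thumbprint = ($thumbprint -replace '\s', '').ToUpper()

# What Exchange reports: the set Enable-ExchangeCertificate can act on.
$exchangeThumbs = @(Get-ExchangeCertificate | ForEach-Object { $_.Thumbprint })

# What the Computer account's Personal store holds: the same view as
# mmc > Certificates > Computer Account > Personal.
$storeCerts = @(Get-ChildItem Cert:\LocalMachine\My)

# One row per store certificate, flagged by whether Exchange also lists it.
# HasPrivateKey is shown because a certificate cannot be enabled for
# services without its private key.
$report = $storeCerts | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey,
    @{ Name = 'SeenByExchange'; Expression = { $exchangeThumbs -contains $_.Thumbprint } }

$report | Format-Table -AutoSize

# Classify the certificate the question is about.
$match = $report | Where-Object { $_.Thumbprint -eq $thumbprint }

if (-not $match) {
    Write-Host "Thumbprint $thumbprint is not in Cert:\LocalMachine\My."
}
elseif ($match.SeenByExchange) {
    Write-Host "Thumbprint $thumbprint is in the store and listed by Exchange."
}
else {
    # The situation in the accepted solution: Import-ExchangeCertificate
    # refuses because the store has it, Enable-ExchangeCertificate cannot find it.
    Write-Host "Thumbprint $thumbprint is in the store but NOT listed by Exchange."
}
```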

