We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


can't import SSL cert because it exists. can't enable it because it's not found!

Medium Priority
Last Modified: 2012-05-11
I imported the SSL cert last week, but forgot to apply it to the pop connector. When I ran the exact same command to apply to pop as well, I receive this error:

[PS] C:\Documents and Settings\user>Enable-ExchangeCertificate -Thumbprint 1234567890 -Services "POP, IMAP"
Enable-ExchangeCertificate : The certificate with thumbprint 1234567890 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 1234567890 -Services "POP, IMAP"

When I try to import the cert I get this error:

[PS] C:\Documents and Settings\user>Import-ExchangeCertificate -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1234567890.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path "C:\Documents and Settings\user\Desktop\mail.server.com\mail.server.com.crt" -friendlyname mail.server.com
Watch Question

Better you hit below command in exchange management shell and check for the existing thumbprint :
If above command displays the same thubmprint then delete the thumbprint by using below command
Remove-ExchangeCertificate -Thumbprint "the thumbprint number without quote"
After deleting this you'll need to check the certificate console for the same certificate and have to delete from here also and then make a new certificate request and rechain your certificate and install using the same command that you was using.
The resion is your exchange already have a certificate on which all IMAP,POP, MAPI and other services are assigned, so you have to remove that certificate first and then need to go through a new certificate request and installation process.


I get what you are saying, but I just requested this cert on Monday and installed the cert Monday night. IIS and SMTP are working fine.

When I run "Get-ExchangeCertificate | fl thumbprint, subject", I see two certs, neither have the thumbprint that I imported and am currently using for IIS and SMTP. Something is wonky. Without a current and valid cert, how could people connect to OWA on m server?! OWA works fine somehow.


Does the thumbprint change somehow after I get it back from the cert authority? is so, then this could be easily explained.
Site Reliability Engineer
Most Valuable Expert 2011
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.