Avatar of crp0499
Flag for United States of America asked on

Creating a certificate for 2010 OWA

I have a single Server 2008 Rs Enterprise.  It's running Exchange 2010 Enterprise.  This morning I received a message in the event log that there was no certificate for mail.mydomain.com to be found.  So, loaded with my new knowledge of certificates, I went to work.

I went in the EMC and created the cert req using the friendly name of mail.mydomain.com.  This action created a req file on my desktop.  

I then went into https://localhost/certsrv and pasted the encrypted key into the web page and proceeded to create my cer.

I then went back to my EMC and completed the req using the cer file I now have.

As soon as I did that, my cert disappeared from my EMC and I can't find it nor can I confirm if it's installed and running now.

HELP!  :)

Seriously, what's going on?


ExchangeWindows Server 2008Microsoft IIS Web Server

Avatar of undefined
Last Comment

8/22/2022 - Mon
Shreedhar Ette

- Go to Exchange PowerShell and Execute this command
Get-ExchangeCertificate and post the out put here.

Thumbprint                                Services   Subject
----------                                --------   -------
25F7F5573CC0306FAE5012A4BA03FB1ADE7689AA  IP.WS.     CN=exchange2
Shreedhar Ette

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

the .cer is in the root of C:  trying your command now
Your help has saved me hundreds of hours of internet surfing.

error - a positional parameter cannot be found that accepts argument '-Path'
Shreedhar Ette

Use this: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\cert.pfx -Encoding Byte -ReadCount 0))

you just went above my head.  i have a cer in the root of my C: drive.  it's 1,737 bytes.  
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Shreedhar Ette

Execute this command in Exchange managem console:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\cert.pfx -Encoding Byte -ReadCount 0))

Make Sure Path and filename is proper.

ok, error, A cert with the thumbprint F56************************* already exists.
Shreedhar Ette

First Execute this:
Get-ExchangeCertificate -Thumbprint  F56************************* | remove-Exchangecertificate

Repalce the F56************************* with full thumb print.

After that try the Import-ExchangeCertificate.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy

The certificate with thumbprint F567136E626796938342F6DF66E9F875123D95D3 was found but is not valid for use with Exchan
ge Server (reason: PkixKpServerAuthNotFoundInEnhancedKeyUsage).
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7695CDDB,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate