pjmac28
PrivateKeyMissing
I installed Exchange 2010 with SP1 rollup 5 on 2K8 R2 server and am having the following certificate issues.
I have a separate AD server with AD Certificate Services installed to issue certificates.
I generated the request from the EMC for a wildcard certificate, open up the file and copy the contents and paste it into the web based certificate request form from AD server. It creates two cert files, certnew.cer and certnew.p7b.
I use the MMC for Certificates and install the certnew.p7b in the Intermediate Certificate Authorities, then go to the EMC to complete the pending request. It appears to install correctly, but then disappears from the EMC.
I found on this site where others said the GUI is flaky, so I followed the commands using the Exchange Management Shell from this http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26722561.html It returns the following error...
The certificate with thumbprint blahblahblah was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)
Where did I go wrong and how can I fix?
In the steps you outlined in your post you said you used the .p7b file to install the Certificate Authority. But when you go back to the EMC you didn't specify if you used the .p7b file or the .cer file. If you are using the .p7b file it will not work. You must use the .cer file.
ASKER
Correct, I used the .cer file with the EMC & EMS...sorry for not clarifying.
ASKER
The certificate installed, but now shows under the status of the EMC that it is invalid for Exchange Server usage.
When I submitted it to the web based request form, I selected Web Server as the Certificate Template, as the other options are: User, Basic EFS, Administrator, EFS Recovery Agent, Subordinate Certification Authority.
ASKER
When I look at the properties of the installed certificate, it displays: This certificate cannot be verified up to a trusted certification authority.
ASKER
I just installed the .p7b file to the Trusted Root Certification Authorities folder in the Certificates Console and now the certificate shows in EMC as valid. :)
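A diagnostic for the two conditions reported in this thread (PrivateKeyMissing, and a certificate that cannot be verified up to a trusted certification authority), added here as an example and not part of any post above. The function name Test-ServerCertificate and its parameter are hypothetical; the syntax is kept compatible with the PowerShell 2.0 that ships with 2008 R2.

```powershell
# Added example: reports whether a certificate in the computer's Personal store
# has a linked private key and whether its chain builds to a trusted root.
function Test-ServerCertificate {
    param(
        # Thumbprint as shown by Get-ExchangeCertificate or the Certificates MMC.
        [Parameter(Mandatory = $true)][string]$Thumbprint
    )

    # Thumbprints pasted from the MMC often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $clean in LocalMachine\My."
        return
    }

    # Build the chain in machine context so the computer's trusted roots
    # and intermediate CAs are the ones consulted.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    # Skip revocation so the result reflects trust only, not CRL reachability.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainElements = ($chain.ChainElements |
            ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
}

# Usage (the thumbprint below is a placeholder, not a value from the thread):
# Test-ServerCertificate -Thumbprint '<thumbprint of the installed certificate>'
```

HasPrivateKey reporting False means the certificate in the Personal store is not linked to the key pair created on this server when the request was generated. ChainTrusted reporting False with a ChainStatus of UntrustedRoot means the issuing CA's root certificate is not in the computer's Trusted Root Certification Authorities store.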