Solved

Exchange SSL Cert Renewal (kind of urgent)

Posted on 2011-09-30
4
321 Views
Last Modified: 2012-05-12
So i renewed my exchange 2007 cert from godaddy and now I am trying to import it into my server.

When i run this command:
Remove-ExchangeCertificate -Thumbprint

I get this error:
Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate
Parameter name: Thumbprint
At line:1 char:27

Can you please help asap?
thanks,
0
Comment
Question by:cheto06
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36895418
Are you trying to remove old certificate..?
once enter get-exchangecertificate pipeline fl and check wether the old cert is being used or not.
You should get invalid and none if the certificate is expired and not being used.
enable your new certificate by Enable-exchangecertificate <thumbprint> <Services> and restart transport service once.
Also check eventviewer after restarting respective service.
Post the results here..
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 36895957
How did you renew the certificate ? and why are you trying to remove the old one ?


you can install the new certificate without removing the old one, you should also know that there is nothing called "renew certificate" in exchange. You cannot go to godaddy site and click on renew and download the certificate from the site and expect it to work one exchange, it doesn't work that way

you will need to
1) Generate a new CSR from exchange
2) rekey the certificate in godaddy using the new csr
3) import the new certificate from godaddy in exchange using the import-exchangecertificate
4) finally enable it for IIS and/or smtp using enable-exchangecertificate

again there is no need to remove the old one to do all the above
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 36902584
Akhater is correct.  When you renew the certificate, you are in fact getting a new certificate which you have to add to Exchange as you did the previous certificate.  You cannot delete the old certificate till it has been replaced as you have to have at least one certificate.

So the process is to install the new certificate, move the services across, make the new certificate the default and then remove the old certificate.
0
 

Author Closing Comment

by:cheto06
ID: 36903899
Thanks, it turns out i was misled by go daddy. They told me I could use the same CSR request to generate the new cert. I eventually called back and another engineer told me that wasn't true. I created a new CSR from exchange, uploaded the new cert and everything worked great.

thanks,
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question