Solved

Exchange SSL Cert Renewal (kind of urgent)

Posted on 2011-09-30
4
319 Views
Last Modified: 2012-05-12
So i renewed my exchange 2007 cert from godaddy and now I am trying to import it into my server.

When i run this command:
Remove-ExchangeCertificate -Thumbprint

I get this error:
Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate
Parameter name: Thumbprint
At line:1 char:27

Can you please help asap?
thanks,
0
Comment
Question by:cheto06
4 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36895418
Are you trying to remove old certificate..?
once enter get-exchangecertificate pipeline fl and check wether the old cert is being used or not.
You should get invalid and none if the certificate is expired and not being used.
enable your new certificate by Enable-exchangecertificate <thumbprint> <Services> and restart transport service once.
Also check eventviewer after restarting respective service.
Post the results here..
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 36895957
How did you renew the certificate ? and why are you trying to remove the old one ?


you can install the new certificate without removing the old one, you should also know that there is nothing called "renew certificate" in exchange. You cannot go to godaddy site and click on renew and download the certificate from the site and expect it to work one exchange, it doesn't work that way

you will need to
1) Generate a new CSR from exchange
2) rekey the certificate in godaddy using the new csr
3) import the new certificate from godaddy in exchange using the import-exchangecertificate
4) finally enable it for IIS and/or smtp using enable-exchangecertificate

again there is no need to remove the old one to do all the above
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 36902584
Akhater is correct.  When you renew the certificate, you are in fact getting a new certificate which you have to add to Exchange as you did the previous certificate.  You cannot delete the old certificate till it has been replaced as you have to have at least one certificate.

So the process is to install the new certificate, move the services across, make the new certificate the default and then remove the old certificate.
0
 

Author Closing Comment

by:cheto06
ID: 36903899
Thanks, it turns out i was misled by go daddy. They told me I could use the same CSR request to generate the new cert. I eventually called back and another engineer told me that wasn't true. I created a new CSR from exchange, uploaded the new cert and everything worked great.

thanks,
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question