Exchange SSL Cert Renewal (kind of urgent)

So i renewed my exchange 2007 cert from godaddy and now I am trying to import it into my server.

When i run this command:
Remove-ExchangeCertificate -Thumbprint

I get this error:
Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate
Parameter name: Thumbprint
At line:1 char:27

Can you please help asap?
thanks,
cheto06Asked:
Who is Participating?
 
AkhaterCommented:
How did you renew the certificate ? and why are you trying to remove the old one ?


you can install the new certificate without removing the old one, you should also know that there is nothing called "renew certificate" in exchange. You cannot go to godaddy site and click on renew and download the certificate from the site and expect it to work one exchange, it doesn't work that way

you will need to
1) Generate a new CSR from exchange
2) rekey the certificate in godaddy using the new csr
3) import the new certificate from godaddy in exchange using the import-exchangecertificate
4) finally enable it for IIS and/or smtp using enable-exchangecertificate

again there is no need to remove the old one to do all the above
0
 
PradeepCommented:
Are you trying to remove old certificate..?
once enter get-exchangecertificate pipeline fl and check wether the old cert is being used or not.
You should get invalid and none if the certificate is expired and not being used.
enable your new certificate by Enable-exchangecertificate <thumbprint> <Services> and restart transport service once.
Also check eventviewer after restarting respective service.
Post the results here..
0
 
scriven_jCommented:
Akhater is correct.  When you renew the certificate, you are in fact getting a new certificate which you have to add to Exchange as you did the previous certificate.  You cannot delete the old certificate till it has been replaced as you have to have at least one certificate.

So the process is to install the new certificate, move the services across, make the new certificate the default and then remove the old certificate.
0
 
cheto06Author Commented:
Thanks, it turns out i was misled by go daddy. They told me I could use the same CSR request to generate the new cert. I eventually called back and another engineer told me that wasn't true. I created a new CSR from exchange, uploaded the new cert and everything worked great.

thanks,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.