Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange SSL Cert Renewal (kind of urgent)

Posted on 2011-09-30
4
Medium Priority
?
326 Views
Last Modified: 2012-05-12
So i renewed my exchange 2007 cert from godaddy and now I am trying to import it into my server.

When i run this command:
Remove-ExchangeCertificate -Thumbprint

I get this error:
Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate
Parameter name: Thumbprint
At line:1 char:27

Can you please help asap?
thanks,
0
Comment
Question by:cheto06
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36895418
Are you trying to remove old certificate..?
once enter get-exchangecertificate pipeline fl and check wether the old cert is being used or not.
You should get invalid and none if the certificate is expired and not being used.
enable your new certificate by Enable-exchangecertificate <thumbprint> <Services> and restart transport service once.
Also check eventviewer after restarting respective service.
Post the results here..
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 36895957
How did you renew the certificate ? and why are you trying to remove the old one ?


you can install the new certificate without removing the old one, you should also know that there is nothing called "renew certificate" in exchange. You cannot go to godaddy site and click on renew and download the certificate from the site and expect it to work one exchange, it doesn't work that way

you will need to
1) Generate a new CSR from exchange
2) rekey the certificate in godaddy using the new csr
3) import the new certificate from godaddy in exchange using the import-exchangecertificate
4) finally enable it for IIS and/or smtp using enable-exchangecertificate

again there is no need to remove the old one to do all the above
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 36902584
Akhater is correct.  When you renew the certificate, you are in fact getting a new certificate which you have to add to Exchange as you did the previous certificate.  You cannot delete the old certificate till it has been replaced as you have to have at least one certificate.

So the process is to install the new certificate, move the services across, make the new certificate the default and then remove the old certificate.
0
 

Author Closing Comment

by:cheto06
ID: 36903899
Thanks, it turns out i was misled by go daddy. They told me I could use the same CSR request to generate the new cert. I eventually called back and another engineer told me that wasn't true. I created a new CSR from exchange, uploaded the new cert and everything worked great.

thanks,
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question