?
Solved

Exchange SSL Cert Renewal (kind of urgent)

Posted on 2011-09-30
4
Medium Priority
?
324 Views
Last Modified: 2012-05-12
So i renewed my exchange 2007 cert from godaddy and now I am trying to import it into my server.

When i run this command:
Remove-ExchangeCertificate -Thumbprint

I get this error:
Remove-ExchangeCertificate : The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate
Parameter name: Thumbprint
At line:1 char:27

Can you please help asap?
thanks,
0
Comment
Question by:cheto06
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36895418
Are you trying to remove old certificate..?
once enter get-exchangecertificate pipeline fl and check wether the old cert is being used or not.
You should get invalid and none if the certificate is expired and not being used.
enable your new certificate by Enable-exchangecertificate <thumbprint> <Services> and restart transport service once.
Also check eventviewer after restarting respective service.
Post the results here..
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 36895957
How did you renew the certificate ? and why are you trying to remove the old one ?


you can install the new certificate without removing the old one, you should also know that there is nothing called "renew certificate" in exchange. You cannot go to godaddy site and click on renew and download the certificate from the site and expect it to work one exchange, it doesn't work that way

you will need to
1) Generate a new CSR from exchange
2) rekey the certificate in godaddy using the new csr
3) import the new certificate from godaddy in exchange using the import-exchangecertificate
4) finally enable it for IIS and/or smtp using enable-exchangecertificate

again there is no need to remove the old one to do all the above
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 36902584
Akhater is correct.  When you renew the certificate, you are in fact getting a new certificate which you have to add to Exchange as you did the previous certificate.  You cannot delete the old certificate till it has been replaced as you have to have at least one certificate.

So the process is to install the new certificate, move the services across, make the new certificate the default and then remove the old certificate.
0
 

Author Closing Comment

by:cheto06
ID: 36903899
Thanks, it turns out i was misled by go daddy. They told me I could use the same CSR request to generate the new cert. I eventually called back and another engineer told me that wasn't true. I created a new CSR from exchange, uploaded the new cert and everything worked great.

thanks,
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question