[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1012
  • Last Modified:

import cert to exchange 2010 that was generated on another server

I generated the csr and obtained my wildcard cert for my domain using cpanel.
I have a .cer file downloaded from godaddy to import into exchange 2010. however it won't import into exchange certificates so that i can assign it to services.

how can i import the CSR generated from cpanel and then import the cert file to show up?

i can import the cert obviously into certificate management mmc however then it doesn't show up under Exchange Certificates.
0
deeburp
Asked:
deeburp
  • 5
  • 4
2 Solutions
 
cfletch1980Commented:
try using powershell command to import certificate being you generated CSR on another server.


Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path <path of cert> -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

Where only the desired services are specified by the Enable-ExchangeCertificate portion of the command.
0
 
deeburpAuthor Commented:
I get this when running it
Enable-ExchangeCertificate : The certificate with thumbprint 5C084BC930190136875DC9570E77EC9C9ABD4AB7 was found but is
not valid for use with Exchange Server (reason: PrivateKeyMissing).

how can i add the private key file?
0
 
cfletch1980Commented:
check this http://www.digicert.com/ssl-support/exchange-2007-wildcards.htm

http://www.digicert.com/ssl-support/troubleshooting-exchange-2007.htm

Try taking POP and IMAP out of the services enabled to use that certificate

Why did you not use exchange console to generate certificate. Its pretty simple using EMC and importing the certificate in Exchange 2007/2010
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
deeburpAuthor Commented:
the cert we have for the wildcard is already generated and installed on other servers and was generated using one of them.
0
 
cfletch1980Commented:
installed on other exchange servers?

Try imputing through EMC -> Highlight Server Configuration and you should see option on right panel
0
 
deeburpAuthor Commented:
no per my original post. the cert request was done via Cpanel. and the cert is installed and used via that server

i have the csr, key and the crt file. how can i import this information into exchange/windows certificate so that exchange can use it too?
0
 
cfletch1980Commented:
do get-ExchangeCertificate and paste results to verify the first part of the powershell command worked installing your certificate.
0
 
deeburpAuthor Commented:
Ok i got it working..

Have to use openssl to combine the Key file (used during the CSR generation part) and the Crt file from the CA (in my case godaddy)

this site helped in making the pfx file.
http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips

Note openssl is installed on macs by default so i used that to make the file.
0
 
deeburpAuthor Commented:
the openssl allowed for the combination for a pfx file which exchange EMC can import properly
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now