• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 193
  • Last Modified:

creating an exchange 2007 certificate

I am running exchange 2007 with SP2.  My certificate is about to expire and I'm trying to install the new cert, but it's giving me this error message.
The message is attached.  

Then when I try to create a new request, I get another error message, also attached.

Any advise how to get a my new cert installed correctly?

Thanks, Dan
exchangecert.jpg
exchangeNewRequestError.jpg
0
afacts
Asked:
afacts
  • 11
  • 3
  • 3
  • +1
3 Solutions
 
afactsAuthor Commented:
I followed this advise:
http://www.cyberstreams.com/posts/2009/december/fix-for-exchange-2007-certificate-error-privatekeymissing

the output of the repair was successful (see attached), but when I go to my website and check the certificate, it's still listing the old one. How do I get it to use the new one?
repairstore.jpg
0
 
Joseph DalyCommented:
My guess would be that the period after your Inc. is messing up the request.
0
 
afactsAuthor Commented:
do I create a new one without it, or just rekey the current one? Should exchange start using the new cert automatically, or do I need to delete the old one first?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
apathy42Commented:
Two issues.

1) It is -GenerateRequest
2) As xxdcmast indicates, a . in organization is not allowed.
0
 
afactsAuthor Commented:
I can't believe I misspelled it.  I corrected the spelling and removed the . as well.
Still the same error.
generateRequestnew.jpg
0
 
apathy42Commented:
I think you probably need to remove the comma as well (now that I can see it) - the comma delimits the descriptors.
0
 
Sushil SonawaneCommented:
After create new certificate remove the old certificate and check in IIS new create bind in website or not??
0
 
afactsAuthor Commented:
you're right, that worked.  how do I install it?  Ill use the CSR with godaddy to get a new cert and then I don't remember exactly what I need to do as it's been over 3 years since I last did it.  appreciate the help.
0
 
afactsAuthor Commented:
Is this all i have to do:
http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-
exchange-server-2007

I followed these instructions last time, but it didn't work,
0
 
Sushil SonawaneCommented:
Run the below mention command.

enable-exchangecertificate -thumprint "30c..." -service smtp,iis,pop

You have to only remove quotation marks " "  after services.


Refer below link to create a new certificate and certificate request also.

http://luka.manojlovic.net/2008/01/12/new-certificate-in-exchange-2007-step-by-step/

http://www.sslshopper.com/article-how-to-use-ssl-certificates-with-exchange-2007.html

http://technet.microsoft.com/en-us/library/bb851505(v=exchg.80).aspx
0
 
afactsAuthor Commented:
well, I got further, i was able to import the cert, but when i did the enable-exchangecertificate -thumbprint etc..... it just sits there, no error it doesn't do anything, so how do I know what the error is?  I attached the screenshot.
import.jpg
0
 
afactsAuthor Commented:
I tried that, I removed the " for the different services, but it still does nothing. I even added the quotes for the thumbprint, but still nothing.  I will look at the articles.
0
 
afactsAuthor Commented:
now it doesn't find the certificate.   this is crazy, i don't understand why it's so difficult.
I followed the steps in that article
NOT-FOUND.jpg
0
 
Sushil SonawaneCommented:
Run below command.

get-exchangecertificate

check the thumbprint available in command output as you mention in screen shot.

If available then run the below command.

enable-exchangecertificate -thumprint "30c..." -service smtp,iis,pop

Let me know is it third party certificate like "go daddy" or self sign certificate.
0
 
afactsAuthor Commented:
its a godaddy cert
0
 
afactsAuthor Commented:
ok, thanks, so i was able to add the smtp and iis service to the cert, so that worked, thank you, it's the first one that is the newest one

the thumbprint for the newest cert ends in F96.

I've attached a screenshot, so now my question is, how do I make it live, or active?
when i go to my mail.domain.com website, it's still using the old cert expiring in a few days.
How do I get it to load the new cert?
getexchangecert.jpg
0
 
apathy42Commented:
You can use:
Remove-ExchangeCertificate -Thumbprint <Thumbprintinfo>
to get rid of the old one.  

Alternatively, you can use
Enable-ExchangeCertificate -Thumbprint <ThumbprintInfo> -Services None
to disable it without removing.
0
 
afactsAuthor Commented:
Thanks everyone for your help.  after enabling the services again, it looks like that did the trick.  I did that before so I don't know why it didn't work before, but oh well, it's working.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 11
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now