Solved

Change Exchange 2010 certificate

Posted on 2013-01-16
11
320 Views
Last Modified: 2013-01-17
I made an error in one of the names on an SSL certificate.

I've got the certificate issuing authority to issue a new certificate with the amended details but can't find how to replace an existing certificate.
0
Comment
Question by:andrew_2706
  • 5
  • 5
11 Comments
 
LVL 40

Expert Comment

by:als315
ID: 38781757
0
 

Author Comment

by:andrew_2706
ID: 38781781
I've tried the first and created a request and then completed using the new certificate I have which has been imported somewhere but still the old certificate is working and the one that is showing in EMC Exchange Certificates
0
 
LVL 40

Expert Comment

by:als315
ID: 38781791
Have you made "Complete pending request" and assigned it to services?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:andrew_2706
ID: 38781848
When I complete the certificate does not show in EMC so unable to assign to services?
0
 
LVL 40

Expert Comment

by:als315
ID: 38782043
What is the result of complete action? Any errors?
0
 

Author Comment

by:andrew_2706
ID: 38782156
No Errors completing request

Summary: 2 item(s). 2 succeeded, 0 failed.
Elapsed time: 00:00:00


Read file
Completed

Exchange Management Shell command completed:
Read binary stream from the file 'C:\Users\admin\Desktop\mail.linearcontrols.co.uk.crt'.

Elapsed Time: 00:00:00


mail.****.crt
Completed

Exchange Management Shell command completed:
Import-ExchangeCertificate -Server 'PLUTO' -FileData '<Binary Data>'

Elapsed Time: 00:00:00
0
 
LVL 40

Expert Comment

by:als315
ID: 38782418
If you run:
Get-ExchangeCertificate
from Exchange management shell, what is in result?
0
 

Author Comment

by:andrew_2706
ID: 38782472
None of the Thumbprints match the certificate in question, the only place I can see the installed certificate is via mmc certificates..

Thumbprint                                Services   Subject
----------                                --------   -------
38C1A3A971CBCBE932634870F28D6E7B52A332A8  ......     CN=mail.*******.co.uk, OU=Domain Control Validated, O=ma...
F989C0607771F2423294140E977B5E714AFCAD13  IP.WS.     CN=mail.*******s.co.uk, OU=Domain Control Validated, O=ma...
8B9B430F24C2E033B0CB0D4C5D7E0775174D8027  ......     CN=PLUTO.linear.local
0E9CCADAAA4676DA0DA1C5CB729CA93E5CF30D95  ...WS.     CN=Sites
2D5788E3D2D4AF198317E5633C863ACDD6A0322D  ......     CN=linear-PLUTO-CA
0
 
LVL 40

Expert Comment

by:als315
ID: 38783052
May be you installed certificate with certmgr.mmc? I've never tried, but here:
https://www.globalsign.com/support/install/ex_2010.php
you can read, that it was wrong way. Try to remove it with mmc and complete again
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 38784109
You will need to create a new request on the server, and then get the certificate authority to rekey or reissue the certificate. You cannot just install a new/corrected certificate with the response from the SSL provider.

You need a pending request to be in place to match the issued certificate to.

Simon.
0
 

Author Closing Comment

by:andrew_2706
ID: 38786538
Thanks worked a treat, created new request and then just re-keyed the new certificate
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question