Ben Hart
asked on
Exchange 2010 certificate issue
I am trying to renew my two certificates.. their external from Network Solutions (and not a SAN cert)
I created a renew request, I login to NS and download the .crt, extract them both to c:\. I then complete the renewal request successfully however the new certs don't appear in the Exchange certificate list. I refresh, Ive closed and reopened the mgmt console but they refuse to appear for me to assign services. Anyone hazard a guess why?
I created a renew request, I login to NS and download the .crt, extract them both to c:\. I then complete the renewal request successfully however the new certs don't appear in the Exchange certificate list. I refresh, Ive closed and reopened the mgmt console but they refuse to appear for me to assign services. Anyone hazard a guess why?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Also IMPORTANT!
Imported certificate MUST have private key (cthnbficate icon should be with a small key).
If you generate request on different computer then import it to tha computer, then export it with a private key, and after import it again on exchange server.
Imported certificate MUST have private key (cthnbficate icon should be with a small key).
If you generate request on different computer then import it to tha computer, then export it with a private key, and after import it again on exchange server.
ASKER
The original CSR was generated on this machine..
Rancy:I didn't have a self-signed cert.. delete that a while back since no services were assigned to it. get-exchangecertificate displays both my internetmail and autodiscover certificates. however like I mentioned above.. the thumbprint values appear to be different.
I went so far as to open the cert store for the local machine, under personal-certificate I deleted the two old, expired ones.
Rancy:I didn't have a self-signed cert.. delete that a while back since no services were assigned to it. get-exchangecertificate displays both my internetmail and autodiscover certificates. however like I mentioned above.. the thumbprint values appear to be different.
I went so far as to open the cert store for the local machine, under personal-certificate I deleted the two old, expired ones.
ASKER
[PS] C:\Users\subhart\Desktop>get-exchangecertificate
Thumbprint Services Subject
---------- -------- -------
86FC52E5BA188FDFABE03C3B58431CDB60A8792E ...... CN=JAK-2K8-EXCH.DIFC.root01.org
A5BE0237561AA623A23A821C6B51C74ACF3CA7E3 ...... CN=internetmail.unifiedbrands.net, OU=nsProtect Secure Xpress, ...
90B24FAC54A60FEBA42DB4A8419D2D111790D0F0 ...... CN=autodiscover.unifiedbrands.net, OU=nsProtect Secure Xpress, ...
The bottom two are the valid, Network Solutions certificates I imported by completing the requests. The top is a self-signed I discovered this morning.. guess my CA pushed it out via AutoEnrollment.
Compare the thumbprint above for Internetmail to the attached picture.
Untitled.png
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I've decided to delete those two requests and reissue the certificates from the publisher. generated and submitted two new CSR's.
ASKER
Thanks guys.. i think removing them all and starting over from scratch fixed my issue.
ASKER
You guys took the time to help so thanks!
ASKER