Ben Hart

Exchange 2010 certificate issue

I am trying to renew my two certificates. They're external, from Network Solutions (and not a SAN cert).

I created a renew request, I log in to NS and download the .crt, extract them both to c:\.  I then complete the renewal request successfully; however, the new certs don't appear in the Exchange certificate list.  I refresh, I've closed and reopened the mgmt console, but they refuse to appear for me to assign services.  Anyone hazard a guess why?
Ben Hart (ASKER)

Also, if I run a 'get-exchangecertificate' via the Exchange Mgmt Shell I get two certs returned. However, upon editing the .crt's I downloaded, the value of the thumbprint field is different from the values returned in the shell.
SOLUTION
Manpreet SIngh Khatra
SOLUTION
Also IMPORTANT!
The imported certificate MUST have a private key (the certificate icon should be shown with a small key).
If you generate the request on a different computer, then import it to that computer, then export it with a private key, and afterwards import it again on the Exchange server.
The original CSR was generated on this machine.

Rancy: I didn't have a self-signed cert. Deleted that a while back since no services were assigned to it.  get-exchangecertificate displays both my internetmail and autodiscover certificates.  However, like I mentioned above, the thumbprint values appear to be different.

I went so far as to open the cert store for the local machine, under personal-certificate I deleted the two old, expired ones.
[PS] C:\Users\subhart\Desktop>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
86FC52E5BA188FDFABE03C3B58431CDB60A8792E  ......     CN=JAK-2K8-EXCH.DIFC.root01.org
A5BE0237561AA623A23A821C6B51C74ACF3CA7E3  ......     CN=internetmail.unifiedbrands.net, OU=nsProtect Secure Xpress, ...
90B24FAC54A60FEBA42DB4A8419D2D111790D0F0  ......     CN=autodiscover.unifiedbrands.net, OU=nsProtect Secure Xpress, ...



The bottom two are the valid Network Solutions certificates I imported by completing the requests.  The top is a self-signed one I discovered this morning. Guess my CA pushed it out via AutoEnrollment.


Compare the thumbprint above for Internetmail to the attached picture.
Untitled.png
ASKER CERTIFIED SOLUTION
I've decided to delete those two requests and reissue the certificates from the publisher.  Generated and submitted two new CSRs.
Thanks guys. I think removing them all and starting over from scratch fixed my issue.
You guys took the time to help, so thanks!
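
The thumbprint and private-key checks discussed in this thread can be done in one pass from the Exchange Management Shell on the server. This is an added example, not code from any of the posters; the two .crt file paths are assumed placeholders, and the syntax is kept compatible with the PowerShell 2.0 shell that Exchange 2010 uses.

```powershell
# Added example. The two file paths are assumptions (placeholders for the
# .crt files downloaded from the CA); replace them with the real file names.
$downloaded = @('C:\internetmail.crt', 'C:\autodiscover.crt')

# What Exchange reports, and the raw LocalMachine\My store behind it.
$exchangeCerts = @(Get-ExchangeCertificate)
$storeCerts    = @(Get-ChildItem Cert:\LocalMachine\My)

foreach ($path in $downloaded) {
    # Load the public certificate from the file. The thumbprint is the SHA-1
    # hash of the DER-encoded certificate, so it identifies one exact issued
    # certificate, not a subject name. A reissued or renewed certificate for
    # the same name always has a different thumbprint.
    $file  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
    $thumb = $file.Thumbprint

    $inStore    = $storeCerts    | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    $inExchange = $exchangeCerts | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

    # Certificates in the store with the same subject but another thumbprint,
    # e.g. an earlier issuance that is still installed.
    $others = @($storeCerts | Where-Object {
        $_.Subject -eq $file.Subject -and $_.Thumbprint -ne $thumb
    } | ForEach-Object { $_.Thumbprint })

    New-Object PSObject -Property @{
        File              = $path
        Subject           = $file.Subject
        NotAfter          = $file.NotAfter
        FileThumbprint    = $thumb
        InMachineStore    = [bool]$inStore
        # A certificate without its private key cannot be assigned services.
        HasPrivateKey     = $(if ($inStore) { $inStore.HasPrivateKey } else { $null })
        VisibleToExchange = [bool]$inExchange
        OtherThumbprints  = ($others -join ', ')
    } | Select-Object File, Subject, NotAfter, FileThumbprint, InMachineStore,
                      HasPrivateKey, VisibleToExchange, OtherThumbprints |
        Format-List
}
```

If `InMachineStore` is false while `OtherThumbprints` is populated, the certificate in the store is a different issuance from the downloaded file; if `InMachineStore` is true but `HasPrivateKey` is false, the file was imported without being matched to the pending request that holds the key.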