[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 149
  • Last Modified:

Install SSL on 2nd CAS Server

We have recently renewed our SSL for our Exchange 2010 Server, which is working fine.

However, I want to install the SSL certificate on the backup CAS server, but when I do an EXPORT (from the live server) and try to IMPORT to the backup server, I get the error:

"Cannot import certificate.  A certificate with the thumbprint .................... already exists"

I thought this was the method (export-import) I used last time, but can't recall how to solve this error.
0
AndyB74
Asked:
AndyB74
  • 5
  • 4
1 Solution
 
MASTechnical Department HeadCommented:
Why you export and import?
You can request for a duplicate and import to the backup CAS server.

Generate the command to issue request
https://www.digicert.com/easy-csr/exchange2010.htm and request for new one.
0
 
AndyB74Author Commented:
Is this the same for ssls.com?  Can you point me to a knowledge base if this is the case?  (I don't want to cancel out the other certificate).
0
 
MASTechnical Department HeadCommented:
I am not sure about SSLS.
I am sure you can do it. But for that you will have to contact SSLS and they will provide you the details on on how this can be done. They have online chat support.

May be they have a step by step guide to export from one server and import to another if they dont provide duplicate
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
AndyB74Author Commented:
That article you list for Digicerts is just the basic instruction on how to issue an SSL for Exchange - I don't see anything there about issuing for secondary servers?
0
 
MASTechnical Department HeadCommented:
That is only for the getting command. To make sure work easy. No need to type a long command. Just copy from the site and paste in EMS.
default path is .\ (system folder) change it to C:\certificate or what ever location you would like to
0
 
AndyB74Author Commented:
Yes - but I don't see how that answers my question.  If I regenerate the SSL then it will invalidate the first one, right?
0
 
MASTechnical Department HeadCommented:
If your SSLS allow you to issue duplicate then no issue.
Otherwise it will revoke the current certificate

If you want to export and import check this
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part3.html
0
 
Md. MojahidCommented:
Here's two links for you:
1. Export Certificate and key (the powershell command is actually in the comments of the article - this step is basically the same process as referenced in Sean Donelley's linked artcie)

http://technet.microsoft.com/en-us/library/dd351274(v=exchg.141).aspx

2. Move the resulting file to a location accessible by the new server.

3. Import Certificate and key

http://technet.microsoft.com/en-us/library/bb124424(v=exchg.150).aspx

4. Then associate the certificate to the appropriate Exchange services:

Enable-ExchangeCertificate -Thumbprint "you should have this by now (without quotes)" -Services POP,IMAP,SMTP,IIS
0
 
AndyB74Author Commented:
Hi,

When I try this, I get the error you see attached.

Any ideas?

Thanks.Error
0
 
MASTechnical Department HeadCommented:
Get the thumb print of the certificate using the below command
get-exchangecertificate
Export the certificate as PFX
http://technet.microsoft.com/en-us/library/dd351274(v=exchg.141).aspx
Remove the certificate using the below command
Remove-exchangecertificate –thumbprint xxxxxxx
Copy the thumbprint from the above error.

Import gain and enable services
http://technet.microsoft.com/en-us/library/dd351183(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
http://www.tbs-certificates.co.uk/FAQ/en/529.html
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now