Install SSL on 2nd CAS Server

We have recently renewed our SSL for our Exchange 2010 Server, which is working fine.

However, I want to install the SSL certificate on the backup CAS server, but when I do an EXPORT (from the live server) and try to IMPORT to the backup server, I get the error:

"Cannot import certificate.  A certificate with the thumbprint .................... already exists"

I thought this was the method (export-import) I used last time, but can't recall how to solve this error.
AndyB74Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution GuideCommented:
Why you export and import?
You can request for a duplicate and import to the backup CAS server.

Generate the command to issue request
https://www.digicert.com/easy-csr/exchange2010.htm and request for new one.
0
AndyB74Author Commented:
Is this the same for ssls.com?  Can you point me to a knowledge base if this is the case?  (I don't want to cancel out the other certificate).
0
MAS (MVE)EE Solution GuideCommented:
I am not sure about SSLS.
I am sure you can do it. But for that you will have to contact SSLS and they will provide you the details on on how this can be done. They have online chat support.

May be they have a step by step guide to export from one server and import to another if they dont provide duplicate
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

AndyB74Author Commented:
That article you list for Digicerts is just the basic instruction on how to issue an SSL for Exchange - I don't see anything there about issuing for secondary servers?
0
MAS (MVE)EE Solution GuideCommented:
That is only for the getting command. To make sure work easy. No need to type a long command. Just copy from the site and paste in EMS.
default path is .\ (system folder) change it to C:\certificate or what ever location you would like to
0
AndyB74Author Commented:
Yes - but I don't see how that answers my question.  If I regenerate the SSL then it will invalidate the first one, right?
0
MAS (MVE)EE Solution GuideCommented:
If your SSLS allow you to issue duplicate then no issue.
Otherwise it will revoke the current certificate

If you want to export and import check this
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part3.html
0
Md. MojahidCommented:
Here's two links for you:
1. Export Certificate and key (the powershell command is actually in the comments of the article - this step is basically the same process as referenced in Sean Donelley's linked artcie)

http://technet.microsoft.com/en-us/library/dd351274(v=exchg.141).aspx

2. Move the resulting file to a location accessible by the new server.

3. Import Certificate and key

http://technet.microsoft.com/en-us/library/bb124424(v=exchg.150).aspx

4. Then associate the certificate to the appropriate Exchange services:

Enable-ExchangeCertificate -Thumbprint "you should have this by now (without quotes)" -Services POP,IMAP,SMTP,IIS
0
AndyB74Author Commented:
Hi,

When I try this, I get the error you see attached.

Any ideas?

Thanks.Error
0
MAS (MVE)EE Solution GuideCommented:
Get the thumb print of the certificate using the below command
get-exchangecertificate
Export the certificate as PFX
http://technet.microsoft.com/en-us/library/dd351274(v=exchg.141).aspx
Remove the certificate using the below command
Remove-exchangecertificate –thumbprint xxxxxxx
Copy the thumbprint from the above error.

Import gain and enable services
http://technet.microsoft.com/en-us/library/dd351183(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
http://www.tbs-certificates.co.uk/FAQ/en/529.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.