Trouble installing SSL cert in Exchange 2007

Posted on 2014-08-14
Last Modified: 2014-08-17
I've just downloaded a security certificate from GoDaddy. I successfully imported the intermediate certificate, then ran the Import-ExchangeCertificate program in the Exchange Shell and got a thumbprint. Next I tried Enable-Exchange-Certificate and got the error shown below "PrivateKeyMissing". How do I fix this?
[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 71E5569BD8DCECD1
8C352A7515CC077BE6F6001C -Services "SMTP, IMAP, IIS"
Enable-ExchangeCertificate : The certificate with thumbprint 71E5569BD8DCECD18C
352A7515CC077BE6F6001C was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<<  -Thumbprint 71E5569BD8DCECD18C352A7515CC077B
E6F6001C -Services "SMTP, IMAP, IIS"
    + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate],
   CertificateNotValidForExchangeException
    + FullyQualifiedErrorId : 677EE568,Microsoft.Exchange.Management.SystemCon
   figurationTasks.EnableExchangeCertificate

Question by:jmarkfoley
8 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40262144
How did you create the request?

You can simply run the below command from an elevated prompt:

certreq.exe -accept <certfile.cer>

certfile.cer has to be the name of the actual certificate you intend to use (NOT THE INTERMEDIATE)

If the request was made in IIS simply go to IIS and complete the request.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40262350
becraig: > How did you create the request  ?

I created it at GoDaddy. When I requested the cert, it asked if I wanted to use a new CSR or the one for the existing certificate. I chose to use the one for the existing certificate. Note that I was not the one to create the original certificate 5 years ago, so I do not know how the then-administrator created the CSR.

> You can simply run the below command from an elevated prompt
> certreq.exe -accept <certfile.cer>

Did that, got the error:
failed

> certfile.cer has to be the name of the actual certificate you intend to use (NOT THE INTERMEDIATE)

I used 4111d11611d96.crt, not gd_iis_intermediates.p7b, the latter being the intermediate certificate (I assume). These were the only two files I received.

> If the request was made in IIS simply go to IIS and complete the request.

Not sure what you mean here. The request was made at goDaddy.com and downloaded to my SBS 2008. The certificate is for Exchange and TLS. I tried the Enable-Exchange-Certificate command from the Exchange Shell.
0
 
LVL 29

Accepted Solution

by:becraig
ID: 40262369
Try the following command:
Run in an elevated command prompt

certutil -repairstore my 71E5569BD8DCECD18C352A7515CC077BE6F6001C
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40262486
Here are my results. Does this mean it worked? Should I now run Enable-ExchangeCertificate or is that taken care of?
[PS] C:\Windows\system32>certutil -repairstore my 71E5569BD8DCECD18C352A7515CC077BE6F6001C
my
================ Certificate 12 ================
Serial Number: 04111d11611d96
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=GoDaddy.com, Inc., L=Scottsdale, S=Arizona, C=US
NotBefore: 8/14/2014 6:45 PM
NotAfter: 8/15/2015 1:49 PM
Subject: CN=mail.ohprs.org, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): 71 e5 56 9b d8 dc ec d1 8c 35 2a 75 15 cc 07 7b e6 f6 00 1c
  Key Container = lr-286bce3b-bc8c-4b29-b60e-2b0d9a91640d
  Unique container name: 41df97588fe14552e35b8ce159c5dc37_7897df12-6a14-415a-bd52-da8416a1268f
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
CertUtil: -repairstore command completed successfully.


0
 
LVL 4

Expert Comment

by:Vlastimil Sopuch
ID: 40262498
Looks like that did it.
You can verify the certs in EMC in the root of Server Configuration - should see green ticks all the way.
In SBS you might need to run "Fix my network" from the SBS Console - Network / Connectivity tab, and reboot the Information Store service (this should be planned).
0
 
LVL 29

Expert Comment

by:becraig
ID: 40262550
Yup, you should be able to run the Exchange command now.
Happy to help.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40262561
becraig: that did it, I was able to run Enable-Exchange-Certificate successfully.

I have another cert to install. Since your solution was so correct, do you know why I had this problem in the first place? Is there something I can do to avoid this situation with my next cert?
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40264776
No theories?
0
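
A pre-flight check for the sequence in this thread, as an added example that is not part of the original posts: before running Enable-ExchangeCertificate, confirm that the certificate in the LocalMachine\My store has a private key attached, and run the certutil -repairstore step from the accepted solution only when it does not. The function name Test-CertPrivateKey and its -Repair switch are hypothetical names chosen for this sketch.

```powershell
# Added example (not from the thread). Run from an elevated Exchange
# Management Shell prompt. Test-CertPrivateKey and -Repair are hypothetical names.
function Test-CertPrivateKey {
    param(
        [string]$Thumbprint,   # thumbprint returned by Import-ExchangeCertificate
        [switch]$Repair        # try certutil -repairstore when the key is missing
    )

    # Thumbprints copied from a wrapped console often pick up spaces or line breaks.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($tp.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($tp.Length) characters."
    }

    $path = "Cert:\LocalMachine\My\$tp"
    if (-not (Test-Path $path)) {
        throw "No certificate with thumbprint $tp in LocalMachine\My."
    }

    $cert = Get-Item $path
    Write-Host ("Subject:       {0}" -f $cert.Subject)
    Write-Host ("NotAfter:      {0}" -f $cert.NotAfter)
    Write-Host ("HasPrivateKey: {0}" -f $cert.HasPrivateKey)

    if (-not $cert.HasPrivateKey -and $Repair) {
        # Same command as the accepted solution; Out-Host keeps its text
        # out of this function's return value.
        certutil -repairstore my $tp | Out-Host
        $cert = Get-Item $path   # re-read the store entry after the repair attempt
    }

    return $cert.HasPrivateKey
}

$thumb = '71E5569BD8DCECD18C352A7515CC077BE6F6001C'   # thumbprint from this thread
if (Test-CertPrivateKey -Thumbprint $thumb -Repair) {
    Enable-ExchangeCertificate -Thumbprint $thumb -Services "SMTP, IMAP, IIS"
} else {
    # The key pair is generated with the CSR, so it must exist on this machine
    # (or arrive inside a PFX) before the certificate can be enabled.
    Write-Warning "Private key still missing for $thumb; not enabling the certificate."
}
```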
