Solved

Installing digital certificate via powershell

Posted on 2014-11-22
7
29 Views
Last Modified: 2016-06-20
I requested a commercial digital certificate for my Exchange 2010 on Windows 2012 to migrate mailboxes from Exch 2003 to 2010. I then later installed the received commercial certificate  using powershell rather than running the Exchange 2010 EMC to complete the pending request certificate status. I also assigned services using powershell. But I noticed that the CSR status in Exhange Management Console still says "pending". Would that ever go away or do I need to again install the digital certificate but this time use the EMC and also assign the services via EMC?? I am tempted to run it again and complete the pending request via EMC, but I am concern that it may have un-intended effect on the certificate or the exchange configuration. When I used the cmdlet get-exchangecertificate | fl I can see my digital certificate and it did say valid for status and also I can see the services I assigned, and it did say too the CA issuer so it looked like it was installed properly but EMC says otherwise. Any ideas?? Let me know please. Thanks!
0
Comment
Question by:lotusmail1
  • 3
  • 3
7 Comments
 
LVL 2

Expert Comment

by:kittuskattus
ID: 40459416
Check the cert you have installed in the certmgr.msc Personal store. In the Properties/General tab does it have the "You have a private key that corresponds to this certificate" message showing?

Capture.PNG
general.PNG
If not, then you need to copy the Thumbprint value on the Details tab and run the following command in Powershell:

Certutil –repairstore My <thumbprint>

thumbprint.PNG
0
 

Author Comment

by:lotusmail1
ID: 40459522
Thanks for the reply.
I checked and it did say "You have a private key that corresponds to this certificate"  in the general tab. Would it hurt if I re-run and complete the CSR request via EMC this time? Let me know please. Thanks!
0
 
LVL 2

Expert Comment

by:kittuskattus
ID: 40459524
In that case, could it be possible that you initially generated 2 CSRs, and only one has been (correctly) completed?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 2

Expert Comment

by:kittuskattus
ID: 40459525
You could try and complete the unfinished CSR through EMC but it's unlikely to work though as I suspect the cert you have may not match the original CSR. If you have it working you should able to cancel the outstanding CSR with no ill effect.
0
 

Author Comment

by:lotusmail1
ID: 40459526
That's a good point, but I am not sure as I had somebody performed the CSR request and I heard that he had trouble the first time. I will verify it and get back. Thanks for your quick reply.

Lotusmail1
0
 

Accepted Solution

by:
lotusmail1 earned 0 total points
ID: 40460652
Hi there,

Ok I think I found out the reason why the CSR in EMC was still showing despite successful installation of the certificate via Powershell. During the process of installing the certificate via Powershell I had all the services included ie IIS, POP, IMAP, SMTP and Powershell prompted me to respond to a question:
Do you want to enforce SSL communication on the root web site? If not, rerun the cmdlet with the -DoNotRequireSSL parameter. I clicked "No". I should have click "yes" because as far as the system is concern my effort was incomplete hence when I checked the CSR in the EMC the pending request CSR is still showing.  Anyway I went ahead and assigned IIS service via Powershell and that completed the whole CSR request per EMC. Thanks for time and advice. This issue is closed.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now