Solved

GoDaddy Cert reissue for Exchange 2010

Posted on 2014-12-29
26
54 Views
Last Modified: 2015-12-11
HI! I have tried to research this scenario and cant get my expiring cert renewed. Any help would be greatly appreciated!. I have tried to import the new cert and renew the cert. I get an error " certificate thumbprint already exists" when I click complete pending request and point it to the new cert. I had also imported the intermediates cert through GoDaddy instructions.. I am stuck at this point and wondered if anyone could give me any help.
0
Comment
Question by:StrategicTelecom
  • 12
  • 9
  • 5
26 Comments
 
LVL 9

Expert Comment

by:Sean
ID: 40521941
I would suggest creating a new certificate request from EMC. Then take that request to godaddy with the request and then complete the request once you get it back from godaddy.
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40521958
You typically get that message if the certificate is installed under the personal certificates on the server. Remove it from there any try again.
0
 

Author Comment

by:StrategicTelecom
ID: 40522166
When I create a new request and paste the key into the ssl cert on GoDaddy's page it recreates the same named cert. I end up with the same thumbprint error.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 3

Expert Comment

by:Glenn M
ID: 40522182
Did you remove the old cert from the Personal certificates store on the server? You can do that from a snap-in (certmgr.msc)
0
 

Author Comment

by:StrategicTelecom
ID: 40522224
I do not see the pending request cert under the personal store. I see the other certs we have as well as the expired one that I am trying to replace. Should I remove the expired cert I am trying to replace?
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40522231
Yes, remove the expired cert from the Personal Store. It shouldn't have been in there in the first place. It should be in the Trusted Root Certification Authorities folder in a 'Certificates' folder.

Lastly, note that you typically only have 90 days to renew an expired certificate after which you have to process an entirely new certificate.
0
 

Author Comment

by:StrategicTelecom
ID: 40522244
It has been less than 1 month since the expiration. I have removed the expired cert in from "Personal". Installed the intermediate and then went to process pending request for the renewed cert and I get the thumbprint error again. What am I missing?

Thank you for your time and patience!
0
 
LVL 9

Expert Comment

by:Sean
ID: 40522252
Check IIS and make sure that it is removed from there as well.
0
 

Author Comment

by:StrategicTelecom
ID: 40522257
Looked at server certs in IIS and the expired cert is not in the list.
0
 

Author Comment

by:StrategicTelecom
ID: 40522282
Should I remove pending request and try to install a New Exchange Cert?
0
 
LVL 9

Expert Comment

by:Sean
ID: 40522287
try to remove the request and then add the cert without the request pending. I think i have ran into that once before but it might be a long shot.
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40522290
It can't hurt. You can also try searching through the rest of the Certificate Store to see if you can find the cert that matches that thumbprint.
0
 

Author Comment

by:StrategicTelecom
ID: 40522330
If I search under thumbprint I only get the "Pending request " cert I just implemented. This was after I removed it and created a New Exchange Cert.
0
 
LVL 9

Expert Comment

by:Sean
ID: 40522336
Did you try to remove the pending request and import the new cert?
0
 

Author Comment

by:StrategicTelecom
ID: 40522338
Yes I removed it and then added a new one.
0
 
LVL 9

Expert Comment

by:Sean
ID: 40522343
ah what i mean is to remove the request for the new cert. Then take the already completed cert from godaddy and try to import it. So your not completing a request your just importing the cert.
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40522348
You can also remove the cert from the command line - you need to start a command window with Admin priv.

Syntax is: Remove-ExchangeCertificate -Thumbprint whateverthethumbprintis
0
 

Author Comment

by:StrategicTelecom
ID: 40522375
Upon import is asking for a pw for the private key. How can I obtain this .. through GoDaddy?
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40522392
Not sure why you'd be getting asked for that. You would only assign a password to a certificate if you were doing an export to move the certificate to another machine. How are you trying to import this renewal cert? Through the EMC?
0
 

Author Comment

by:StrategicTelecom
ID: 40522428
Yes in EMC. If I click Import Exchange Certificate it asked for the cert file and underneath that there is a pw field. It says that you must enter the password of the private key on import.
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40522639
In the EMC you should be navigating to Server Configuration, right clicking your server, then choosing 'Complete Pending Request'. Then you browse to the location of the downloaded CSR file.
0
 

Author Comment

by:StrategicTelecom
ID: 40523865
This cert was for a subdomain we issued through the server sometime ago. I followed the directions here: http://it.mzedan.com/2012/07/18/certificates-for-exchaneg-2010-using-internal-ca/
The problem I am having now  is that the cert is not showing up under pending in the EMC. I went to personal cert folder and trusted root and selected the certs and retried to no avail.
0
 
LVL 3

Expert Comment

by:Glenn M
ID: 40523887
I'm confused now. I thought you were renewing a GoDaddy cert? Those guidelines you linked to are for a self-generated certificate.

At this point it might make sense to simply issue a new clean GoDaddy UCC certificate. Good writeup on the whole process here: https://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010?countrysite=www&marketid=en-US
0
 

Author Comment

by:StrategicTelecom
ID: 40523890
We had one GoDaddy that had expired, it was not for our subdomain access sorry for the confusion
0
 

Author Comment

by:StrategicTelecom
ID: 40523900
Just go buy an SSL cert and go through the toturial.. does it matter at all that is is "remote.mydomain.com" ?
0
 
LVL 3

Accepted Solution

by:
Glenn M earned 500 total points
ID: 40524286
The cert should match whatever your MX record is
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to rename PST file in OUTLOOK 2013 3 72
Outlook:  Sent on Behalf of 4 67
Exchange 2010 and 2016 Co-Existence 24 191
MSP multi use software 4 120
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
The purpose of this video is to demonstrate how to set up Lists in Mailchimp. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchimp account. : Click on Lists. Click on Create List Button : Choose the desi…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now