• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 74
  • Last Modified:

GoDaddy Cert reissue for Exchange 2010

HI! I have tried to research this scenario and cant get my expiring cert renewed. Any help would be greatly appreciated!. I have tried to import the new cert and renew the cert. I get an error " certificate thumbprint already exists" when I click complete pending request and point it to the new cert. I had also imported the intermediates cert through GoDaddy instructions.. I am stuck at this point and wondered if anyone could give me any help.
0
StrategicTelecom
Asked:
StrategicTelecom
  • 12
  • 9
  • 5
1 Solution
 
SeanSystem EngineerCommented:
I would suggest creating a new certificate request from EMC. Then take that request to godaddy with the request and then complete the request once you get it back from godaddy.
0
 
Glenn MCommented:
You typically get that message if the certificate is installed under the personal certificates on the server. Remove it from there any try again.
0
 
StrategicTelecomAuthor Commented:
When I create a new request and paste the key into the ssl cert on GoDaddy's page it recreates the same named cert. I end up with the same thumbprint error.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
Glenn MCommented:
Did you remove the old cert from the Personal certificates store on the server? You can do that from a snap-in (certmgr.msc)
0
 
StrategicTelecomAuthor Commented:
I do not see the pending request cert under the personal store. I see the other certs we have as well as the expired one that I am trying to replace. Should I remove the expired cert I am trying to replace?
0
 
Glenn MCommented:
Yes, remove the expired cert from the Personal Store. It shouldn't have been in there in the first place. It should be in the Trusted Root Certification Authorities folder in a 'Certificates' folder.

Lastly, note that you typically only have 90 days to renew an expired certificate after which you have to process an entirely new certificate.
0
 
StrategicTelecomAuthor Commented:
It has been less than 1 month since the expiration. I have removed the expired cert in from "Personal". Installed the intermediate and then went to process pending request for the renewed cert and I get the thumbprint error again. What am I missing?

Thank you for your time and patience!
0
 
SeanSystem EngineerCommented:
Check IIS and make sure that it is removed from there as well.
0
 
StrategicTelecomAuthor Commented:
Looked at server certs in IIS and the expired cert is not in the list.
0
 
StrategicTelecomAuthor Commented:
Should I remove pending request and try to install a New Exchange Cert?
0
 
SeanSystem EngineerCommented:
try to remove the request and then add the cert without the request pending. I think i have ran into that once before but it might be a long shot.
0
 
Glenn MCommented:
It can't hurt. You can also try searching through the rest of the Certificate Store to see if you can find the cert that matches that thumbprint.
0
 
StrategicTelecomAuthor Commented:
If I search under thumbprint I only get the "Pending request " cert I just implemented. This was after I removed it and created a New Exchange Cert.
0
 
SeanSystem EngineerCommented:
Did you try to remove the pending request and import the new cert?
0
 
StrategicTelecomAuthor Commented:
Yes I removed it and then added a new one.
0
 
SeanSystem EngineerCommented:
ah what i mean is to remove the request for the new cert. Then take the already completed cert from godaddy and try to import it. So your not completing a request your just importing the cert.
0
 
Glenn MCommented:
You can also remove the cert from the command line - you need to start a command window with Admin priv.

Syntax is: Remove-ExchangeCertificate -Thumbprint whateverthethumbprintis
0
 
StrategicTelecomAuthor Commented:
Upon import is asking for a pw for the private key. How can I obtain this .. through GoDaddy?
0
 
Glenn MCommented:
Not sure why you'd be getting asked for that. You would only assign a password to a certificate if you were doing an export to move the certificate to another machine. How are you trying to import this renewal cert? Through the EMC?
0
 
StrategicTelecomAuthor Commented:
Yes in EMC. If I click Import Exchange Certificate it asked for the cert file and underneath that there is a pw field. It says that you must enter the password of the private key on import.
0
 
Glenn MCommented:
In the EMC you should be navigating to Server Configuration, right clicking your server, then choosing 'Complete Pending Request'. Then you browse to the location of the downloaded CSR file.
0
 
StrategicTelecomAuthor Commented:
This cert was for a subdomain we issued through the server sometime ago. I followed the directions here: http://it.mzedan.com/2012/07/18/certificates-for-exchaneg-2010-using-internal-ca/
The problem I am having now  is that the cert is not showing up under pending in the EMC. I went to personal cert folder and trusted root and selected the certs and retried to no avail.
0
 
Glenn MCommented:
I'm confused now. I thought you were renewing a GoDaddy cert? Those guidelines you linked to are for a self-generated certificate.

At this point it might make sense to simply issue a new clean GoDaddy UCC certificate. Good writeup on the whole process here: https://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010?countrysite=www&marketid=en-US
0
 
StrategicTelecomAuthor Commented:
We had one GoDaddy that had expired, it was not for our subdomain access sorry for the confusion
0
 
StrategicTelecomAuthor Commented:
Just go buy an SSL cert and go through the toturial.. does it matter at all that is is "remote.mydomain.com" ?
0
 
Glenn MCommented:
The cert should match whatever your MX record is
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 12
  • 9
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now