dtssupport

Exchange 2010 3rd Party SSL Certificate Issue

I have been having an extreme problem with getting a 3rd party certificate in Exchange 2010. First we tried to renew the expired 1 year SSL certificate and they sent me a (.crt), and then it hung in (Pending Status). Then I created a request for a new 3rd party certificate and sent off the request info needed, and then I was sent back another .crt file and tried to apply it to the new cert pending request. Then I found out that the cert had to be validated, and then they sent me a (.cer) certificate and I tried to Complete Pending Request over top of the previous one, and I received Active Directory errors: the LDAP Server is Unavailable (An Active Directory error 0x51 occurred).
Any insight is greatly appreciated, as I cannot understand how this process has taken 3 days and I am still running into issues. The first question is: since I tried to Complete the Pending Request more than once, do I need to start over again?
Hypercat (Deb)

Yes, I would recommend starting over fresh.  Be sure that you request the SSL certificate from within Exchange 2010 and that you retrieve it in the proper format.  Most providers will ask you to select whether you're securing an email server or a web server.

Here's a simple article on how to request a renewal using Exchange 2010:

http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You want to specifically use the method under "This example generates a request to renew a certificate issued by a certification authority" if you're not using a self-signed certificate. Or, you can generate a new certificate request, instead of trying to renew the old one, and then simply replace the old one with the new one.
Just to add, when you get your Exchange Certificate you need to do the following...
- import the certificate using IIS or the Certificates MMC snap-in
- Open EMS and run the following commands (this needs to be run on the server with the certificate, cannot be run remotely)
Get-ExchangeCertificate | ft

- You should see the old cert and also the new cert that you have imported (note that each cert has a thumbprint)
- You will then need to assign the services to the new cert which will replace the old one

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxx -services "imap,smtp,pop,iis"

- Click Y to accept the changes

This will have now replaced the old certificate on your Exchange server. If you have multiple CAS servers in your environment you will need to export the cert (with the private key) and import it on every other CAS in your environment. You will also need to run the above PowerShell commands as well to ensure that you enable the cert.

Will.
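
The steps from the post above as Exchange Management Shell functions, with a check that the new certificate holds its private key and reports a Valid status before services are moved to it. This is an added example, not code from the thread; the function names, thumbprint placeholder and file paths are assumptions.

```powershell
# Added example; function names, thumbprint and paths are placeholders, not from the thread.
# Run in the Exchange Management Shell on the server that holds the certificate.

function Enable-CheckedExchangeCert {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    # A certificate without its private key cannot serve TLS on this server.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key on this server."
    }
    # Other states include PendingRequest, DateInvalid, Untrusted and Revoked.
    if ("$($cert.Status)" -ne 'Valid') {
        throw "Certificate $Thumbprint has status '$($cert.Status)', expected 'Valid'."
    }
    # Same service list as in the post; answer Y at the overwrite prompt.
    Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services 'IMAP,SMTP,POP,IIS'
    Get-ExchangeCertificate -Thumbprint $Thumbprint |
        Format-List Thumbprint, Subject, NotAfter, Status, Services
}

function Export-ExchangeCertPfx {
    param([string]$Thumbprint, [string]$PfxPath, [System.Security.SecureString]$Password)
    # The PFX contains the private key: protect it with a password.
    $export = Export-ExchangeCertificate -Thumbprint $Thumbprint `
        -BinaryEncoded:$true -Password $Password
    Set-Content -Path $PfxPath -Value $export.FileData -Encoding Byte
}

function Import-ExchangeCertPfx {
    param([string]$PfxPath, [System.Security.SecureString]$Password)
    $bytes = [Byte[]](Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0)
    $imported = Import-ExchangeCertificate -FileData $bytes -Password $Password
    Remove-Item -Path $PfxPath   # do not leave key material on disk after import
    $imported.Thumbprint         # returned so the caller can enable services
}

# First server (certificate already imported there):
#   $pw = Read-Host -Prompt 'PFX password' -AsSecureString
#   Enable-CheckedExchangeCert -Thumbprint '<new-cert-thumbprint>'
#   Export-ExchangeCertPfx -Thumbprint '<new-cert-thumbprint>' `
#       -PfxPath 'C:\Certs\mail.pfx' -Password $pw
# Each additional CAS (after copying the PFX over a trusted channel):
#   $tp = Import-ExchangeCertPfx -PfxPath 'C:\Certs\mail.pfx' -Password $pw
#   Enable-CheckedExchangeCert -Thumbprint $tp
```

Delete the exported PFX from the first server as well once every CAS has imported it.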
dtssupport (ASKER)

- reviewing the process and finding out the Private Key password then I was able to complete it successfully.