afl_it
asked on
Importing new SSL certificate Exchange 2007
Hello, I'm having problems importing our new mail SSL certificate into Exchange 2007 using the PowerShell. The error I'm getting is -
The certificate with thumbprint (number here) was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).
I've scanned the web and have tried the certutil -repairstore command to no avail. The only thing that's different from last year is that GlobalSign (the certificate creator) have changed from using SHA-1 to SHA-256 as their default.
Should I try to install the EV Cross Certificate in order to try the SHA-1 certificate instead of the SHA-256 option?
Any help is greatly appreciated.
ASKER
I'm afraid I don't get the option to export to .PFX; it's greyed out. See attached image.
Cert-Options.PNG
Click Next, click Browse, save this file in PFX format, and in file type select All Files.
Let me know if there are any issues.
ASKER
Even if I click Next / Browse and manually type certname.pfx, it attaches the .cer on to the end and I don't get any option to export attached keys or certificates.
Remove the .cer extension. Just save the file in PFX format.
Attached screenshot for your reference.
Certificate.png
ASKER
But even if I remove the .cer extension in the Browse window, it adds it again to the file on the next screen. The options to "Export Keys" and "Include all certificates in the certification path" are set to No and I can't change them.
When you initially imported the key using the pfx or cer file you need to specifically make sure that "allow private key to be exported" was checked. My guess is it was probably "unchecked".
That being said you will need to find the original PFX file and make sure that "allow private key to be exported" is checked.
Take a look at the below link for additional details.
http://support.microsoft.com/kb/232154
Will.
ASKER
I thought I'd start at the beginning and this time it worked. I'd obviously done something wrong in the first place.
1) Import the certificate into the IIS Personal folder on the same server where you generated the CSR.
2) If you generated the CSR on the same server, open EMC, select the newly imported certificate and click Apply.
3) If not, export the certificate in PFX format with the password and private key option checked.
4) Open IIS on the Exchange server and import the certificate into the IIS Personal folder.
5) Open EMC on the Exchange server and apply the newly imported certificate.
6) In addition to this, make sure the intermediate certificate is installed on the Exchange server.
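An added example, not taken from any post in this thread: a PowerShell check for the PrivateKeyMissing condition and the intermediate-certificate point in step 6, run on the Exchange server. The function name `Test-CertForExchange` and the thumbprint placeholder are assumptions; the script retries the `certutil -repairstore` command mentioned in the question only when the key is reported missing.

```powershell
# Added example. Run in an elevated shell on the Exchange server.
# Placeholder: substitute the thumbprint shown in the Exchange error message.
$Thumbprint = '<THUMBPRINT-FROM-ERROR>'

function Test-CertForExchange {
    param([string]$Thumbprint)

    # Thumbprints copied from the certificate dialog often carry spaces.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        Write-Warning "No certificate $clean in LocalMachine\My (Personal)."
        return
    }

    # Build the chain without revocation lookups; a failure here usually
    # means the CA's intermediate certificate is not installed (step 6).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'SignatureAlgorithm'
           Expression = { $_.SignatureAlgorithm.FriendlyName } },
        @{ Name = 'ChainBuilds'; Expression = { $chainOk } },
        @{ Name = 'ChainErrors'
           Expression = { ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ' } }
}

$result = Test-CertForExchange $Thumbprint
$result | Format-List

if ($result -and -not $result.HasPrivateKey) {
    # HasPrivateKey = False is the state Exchange reports as PrivateKeyMissing.
    # -repairstore can only re-link a key that already exists on this machine,
    # i.e. the machine that generated the CSR.
    certutil -repairstore my $result.Thumbprint
    $result = Test-CertForExchange $Thumbprint
    if (-not $result.HasPrivateKey) {
        Write-Warning ('Key is not on this server. Export a PFX with the ' +
            'private key from the server that generated the CSR (step 3).')
    }
}
```

If `HasPrivateKey` is still False after the repair attempt, the key pair lives on a different machine, which matches the greyed-out PFX export described above: a certificate without its key can only be exported as .cer.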