I have a functioning Exchange 2010 system with a SAN/UCC certificate provided by GoDaddy. Recently, we had to add a SAN and remove a SAN, and GoDaddy allows this to happen in the Certificate Management Console at the customer interface WITHOUT requiring a new CSR to get the new SAN's in place. DIGICERT, REGISTER.COM and others allows for this type of SAN maintenance as well.
Once the SAN's are updated and approved and I download the new CRT/CRT file, I am able to import the CRT/CER file into the Windows Certificate management console (mmc --> add/remove snapin --> certificates --> this computer) but I am NOT able to import it into the Exchange System Manager because the Exchange System Manager import utility REQUIRES a password for the certificate being imported. (This would be expected if the file was a PFX export that included a PRIVATE KEY from another system).
Once imported, because the certificate does not have a corresponding private key, it is unable to be assigned to anything like IIS websites or Exchange services (it does not appear for use). Certificates ONLY appear for use if they are imported with a proper private key.
I'd like to avoid going through the entire CSR process again through the Exchange console since I just added and removed a SAN from the cert, this is not a renewal or a completely new key....is there any way to use this CER/CRT file in the Exchange system and assign it for use without doing a completely new CSR from powershell or from the Exchange MMC wizard?