No private key found when importing corrected CA SSL cert.

Imported new SSL cert before realizing that I had to set it up to use my Barracuda Spam and Firewall's CSR.  Once I rekeyed and imported it will not supply a Private key for the new cert.  Assuming that cert was somehow corrupted; I rekeyed a third cert and started over on the process this morning, but I consistently cannot get a Private Key to generate.  I have attempted to repair and enable through cmd and shell respectively, and I have deleted outright and imported the new cert as well, and it simply will not generate/find a Private key.
coldbastAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
After you generate your CSR and you get your cer/crt file, upon importing this cert into the Exchange server where the CSR was generated you need to make sure that you allow the private key to be exportable. If you do not check this off then when you try and export the certificate it will be greyed out and not allow you to export the private key.

Private key is required.

Will.
0
coldbastAuthor Commented:
I got the CSR from my Barracuda spam and firewall. Also I am importing through the exchange shell; is there a particular syntax I should use in that command to make it exportable?
0
Will SzymkowskiSenior Solution ArchitectCommented:
Unless there is an option to export the private key on your barracude appliance I would be doing this from one of your Exchange Servers, using the MMC snapin.

From there you should be able to export the private key, import it on all of the other CAS servers.

once you have successfully imported the certificate you need to enable it, on all CAS servers.

Open the ESM run the below command after the cert has been imported.
Enable-ExchangeCertificate -Thumbprint <xxxxxxxxxxxxxxxxxx> -services "pop,imap,smtp,iis"

WIll.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

AmitIT ArchitectCommented:
Try this. Open Certificate and goto details tab, note down serial number. Now open CMD as admin and run below command

certutil -repairstore my "paste serial number here"

hit enter and check, if you can see private key or not.
0
coldbastAuthor Commented:
tried all of that, but no change.

Ultimately, I had to rekey from the beginning, upload that to the Exchange server, then I exported from Exchange, and with the help of Barracuda's excellent support, imported that cert and key into the barracuda.
0
Will SzymkowskiSenior Solution ArchitectCommented:
Well at least your back in business!

Will.
0
coldbastAuthor Commented:
Will, In my frustration, I completely overlooked your spot-on answer.
0
Will SzymkowskiSenior Solution ArchitectCommented:
No worries, it happens!

Glad I could have helped.

Will.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.