Importing Exchange 2013 SSL Certificate: Access denied.

Hello Experts,

After a long ardous journey I am almost done with the deployment of Exchange 2013 at our organization but i've hit a snag along the way and for the life of me I cannot figure out why this issue is occuring.

I am trying to import a SAN certificate and when doing It fails with the following message:

"The imported certificate file for server 'EX13Server' failed to access for the following reason: Access to the path '\\servershare' is denied."

I have given full access permission to everyone for that share. I can access the share from the server, I can read/write from it. I am completely puzzled as to why it will not let me import that certificate.

Anyone have any ideas what I may be doing wrong?

Thank you.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
I always copy the cert directly to the Exchange server usually putting it in a folder called certs (c:\certs). From there i open the MMC, import the cert in to the computer cert store.

Open the EMS and run the Enable-ExchangeCertificate cmdlet. That is all that is required.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ILoveNEAuthor Commented:
I am trying to install a SAN SSL certificate.

I download it as a .zip file from godaddy and there are two files: one is a security certificate(.crt) and the other file says: gd_iis_intermidiates.p7b

Where in the store do each of these files go if importing them manually through mmc?

thanks as always for your help.
Will SzymkowskiSenior Solution ArchitectCommented:
You only require the crt file. Open the MMC and make sure that it is under Computer Account. From there import it into the personal store. You will be asked if you want to make the Private Key exportable, choose Yes.

Once it is imported, run the Enable-ExchangeCertificate cmdlet on the machine. If you have other CAS servers you will also need to expor the cert and import it into the other CAS servers as well.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

ILoveNEAuthor Commented:
Thanks for the response will,

I put the certificate under the personal store in the local computer but when I go to exchange it does not show up under certificates. Also, it did not ask me if i wanted to make the private key exportable during the import.

exchange is making me age very rapidly.
Will SzymkowskiSenior Solution ArchitectCommented:
When you import a crt file you will be asked. Try it again via the MMC.

ILoveNEAuthor Commented:
My previous post was refferencing what hapenned when I tried it using the MMC. I was able to import it but it never asked me whether I wanted to make the key exportable.
Will SzymkowskiSenior Solution ArchitectCommented:
If you open the EMS and run get-exchangecertificate | ft do you see the cert

Simon Butler (Sembee)ConsultantCommented:
Have you got a pending SSL request on the server?
If not, then the file you have from GoDaddy is useless.

You need to install the intermediate certificates on the server through the Certificates MMC panel, as per the instructions from GoDaddy.
The other file is the certificate response to your request. If you have a pending request then you need to choose to complete it. The file on its own is no good.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.