Solved

cannot create certificate for EXCH2013 migration

Posted on 2016-10-17
21
71 Views
Last Modified: 2016-10-18
Hello,
I want to migrate from EXCH2007 to 2013.
Now I want to build up the coexistence.
I have created a cert request on the new EXCH2013 server.

From the documentation, I have created this request :

New-ExchangeCertificate -FriendlyName 'Contoso Exchange 15 Certificate' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=EG,S="Cairo",L="Cairo",O="Contoso",OU="IT",CN=mail.contoso.com' -DomainName 'mail.contoso.com','autodiscover.contoso.com' ,'legacy.contoso.com','autodiscover.domain.com','mail.domain.com','mobile.externaldomain.com' | out-file c:\sw\e15_csr.txt

Open in new window



But I cannot read this with my Windows 2008 CA.
Do you have any ideas ?
0
Comment
Question by:Eprs_Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 8
  • 2
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 41846669
0
 

Author Comment

by:Eprs_Admin
ID: 41846709
I entered the same command on my old HUBCAS 2007.
Here I had to shorten the subjectname.
I have got a CSR file with this one I was able to create an certificate.

But with a CSR from EXCH2013 server it is impossible. Why ?
0
 
LVL 27

Assisted Solution

by:☠MAS☠
☠MAS☠ earned 250 total points
ID: 41846724
Hi,
Please post the error.

Please try to create a CSR using this.
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:Eprs_Admin
ID: 41846733
Hi MAS,

now I have created the CSR on my HUBCAS2007.
Is it a problem ?

Because on the EXCH2013 I can create the CSR, but I cannot use the CSR with my CA.
Remember my CA is on WIN2008.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41846745
no problem you can't use the CSR of 2007
0
 

Author Comment

by:Eprs_Admin
ID: 41846747
And I have another question to your solution:

About this command:
Enable-ExchangeCertificate -Thumbprint A826389C71ED5870137B866F01192D47F69CE526 -Services IIS,POP,IMAP

Open in new window

Why SMTP is not enabled here ?
On my old EXCH2007 the active certificate has all enabled.
Can you tell me why ?
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 41846748
you do not need to worry about SMTP needs to use internal certificate anyway
0
 

Author Comment

by:Eprs_Admin
ID: 41846818
Now I want to enable the cert but again with error:

It is not possible on the EXCH2013 Powershell.
When I do it on the  EXCH2007 Powershell all works and I can export the cert with the key.

Why is it like this ?
Has it to do with my old ROOT CA ? WIN2008
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41846826
Can you please share the error? What do you mean not possible?

Did you export the certificate with private key from 2007 and installed it on 2013?
0
 
LVL 27

Assisted Solution

by:☠MAS☠
☠MAS☠ earned 250 total points
ID: 41846827
0
 

Author Comment

by:Eprs_Admin
ID: 41846882
Did you export the certificate with private key from 2007 and installed it on 2013?
YES !
Is it a problem ?
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 41846883
Not at all this is what you need to do...

What is the error?
0
 

Author Comment

by:Eprs_Admin
ID: 41846903
I cannot send the error now.

I have created the CSR on EXCH2013.
I have exported the CSR and imported to my CA. This always failed, no download option came up.
There was no error.
When I tried to request a CERT from CA (GUI) then an error came up WIN32: 13
Sorry I cannot tell you more about it.
0
 

Author Comment

by:Eprs_Admin
ID: 41846909
ok, so I can import the CERT on all old HUBCAS and on all new EXCH2013 servers right ?
0
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 41846913
yes with private key
0
 

Author Comment

by:Eprs_Admin
ID: 41846917
ok thanks, will do and proceed with the migration.
0
 

Author Comment

by:Eprs_Admin
ID: 41847807
about this command:

.\setup /m:Install /Roles:ca,mb,mt /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /DBFilePath:"C:\DB01\DB01.edb" /LogFolderPath:"C:\DB01\Logs" /MdbName:"DB01"

Open in new window


I haven't installed like this, I used the GUI.
There is no DB created. Can I do this manually at every time ?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41847817
wrong question ??
1
 

Author Comment

by:Eprs_Admin
ID: 41847826
another ticket ?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41847830
yes please let's keep this question relevant :)

If it was answered kindly close it

ربنا يخليك
0
 

Author Closing Comment

by:Eprs_Admin
ID: 41847831
I could generate the CSR and the CERTs.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question