• Status: Solved
  • Priority: Medium
  • Security: Public

cannot create certificate for EXCH2013 migration

Hello,
I want to migrate from EXCH2007 to 2013.
Now I want to build up the coexistence.
I have created a cert request on the new EXCH2013 server.

From the documentation, I have created this request :

New-ExchangeCertificate -FriendlyName 'Contoso Exchange 15 Certificate' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=EG,S="Cairo",L="Cairo",O="Contoso",OU="IT",CN=mail.contoso.com' -DomainName 'mail.contoso.com','autodiscover.contoso.com' ,'legacy.contoso.com','autodiscover.domain.com','mail.domain.com','mobile.externaldomain.com' | out-file c:\sw\e15_csr.txt

But I cannot read this with my Windows 2008 CA.
Do you have any ideas ?
5 Solutions
 
Akhater commented:

Eprs_Admin (System Architect, Author) commented:
I entered the same command on my old HUBCAS 2007.
Here I had to shorten the subjectname.
I got a CSR file, and with this one I was able to create a certificate.

But with a CSR from the EXCH2013 server it is impossible. Why?

MAS (MVE), EE Solution Guide, commented:
Hi,
Please post the error.

Please try to create a CSR using this.
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html
Eprs_Admin (System Architect, Author) commented:
Hi MAS,

now I have created the CSR on my HUBCAS2007.
Is it a problem ?

Because on the EXCH2013 I can create the CSR, but I cannot use the CSR with my CA.
Remember my CA is on WIN2008.

Akhater commented:
no problem you can't use the CSR of 2007

Eprs_Admin (System Architect, Author) commented:
And I have another question to your solution:

About this command:
Enable-ExchangeCertificate -Thumbprint A826389C71ED5870137B866F01192D47F69CE526 -Services IIS,POP,IMAP

Why is SMTP not enabled here?
On my old EXCH2007 the active certificate has all enabled.
Can you tell me why ?

Akhater commented:
You do not need to worry about SMTP; it needs to use the internal certificate anyway.

Eprs_Admin (System Architect, Author) commented:
Now I want to enable the cert, but again I get an error:

It is not possible in the EXCH2013 PowerShell.
When I do it in the EXCH2007 PowerShell, all works and I can export the cert with the key.

Why is it like this?
Does it have to do with my old ROOT CA? WIN2008

Akhater commented:
Can you please share the error? What do you mean by not possible?

Did you export the certificate with private key from 2007 and install it on 2013?

Eprs_Admin (System Architect, Author) commented:
"Did you export the certificate with private key from 2007 and install it on 2013?"
YES!
Is it a problem?

Akhater commented:
Not at all, this is what you need to do...

What is the error?

Eprs_Admin (System Architect, Author) commented:
I cannot send the error now.

I have created the CSR on EXCH2013.
I have exported the CSR and imported to my CA. This always failed, no download option came up.
There was no error.
When I tried to request a cert from the CA (GUI), an error came up: WIN32: 13
Sorry I cannot tell you more about it.

Eprs_Admin (System Architect, Author) commented:
ok, so I can import the CERT on all old HUBCAS and on all new EXCH2013 servers right ?

Akhater commented:
yes with private key

Eprs_Admin (System Architect, Author) commented:
ok thanks, will do and proceed with the migration.

Eprs_Admin (System Architect, Author) commented:
about this command:

.\setup /m:Install /Roles:ca,mb,mt /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents /DBFilePath:"C:\DB01\DB01.edb" /LogFolderPath:"C:\DB01\Logs" /MdbName:"DB01"

I haven't installed like this, I used the GUI.
There is no DB created. Can I do this manually at every time ?

Akhater commented:
wrong question ??

Eprs_Admin (System Architect, Author) commented:
another ticket ?

Akhater commented:
yes please let's keep this question relevant :)

If it was answered, kindly close it.

May God keep you.

Eprs_Admin (System Architect, Author) commented:
I could generate the CSR and the CERTs.
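
The thread settles on exporting the certificate with its private key from Exchange 2007 and importing it on the Exchange 2013 servers. The sketch below is an added example, not a command posted by any participant; it shows that move with checks before the certificate is enabled. The thumbprint placeholder, the share path and the list of required names are assumptions to replace with your own values.

```powershell
# Added example; <THUMBPRINT> and the share path are placeholders (assumptions).

# --- 1. Exchange 2007 Management Shell, on the HUB/CAS that holds the key ---
$thumb = '<THUMBPRINT>'                        # issued certificate to move
$pfx   = '\\fileserver\certs$\mail.pfx'        # hypothetical ACL-restricted share
$pw    = Read-Host 'PFX password' -AsSecureString

# Works only if the key is exportable (the request above set -PrivateKeyExportable $true).
Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Path $pfx -Password $pw

# --- 2. Exchange 2013 Management Shell, on each new server ---
$pfx   = '\\fileserver\certs$\mail.pfx'
$pw    = Read-Host 'PFX password' -AsSecureString
$bytes = [Byte[]](Get-Content -Path $pfx -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes -Password $pw

# Check the import before binding it to any service.
$required = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'
$names    = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
$missing  = @($required | Where-Object { $names -notcontains $_ })

if (-not $cert.HasPrivateKey) { throw 'Imported without private key; re-export as PFX.' }
if ($missing.Count -gt 0)     { throw "Names missing from certificate: $($missing -join ', ')" }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Expires $($cert.NotAfter)" }

# Same service list as the command quoted in the thread.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,POP,IMAP

# --- 3. After the last server is done ---
Remove-Item -Path $pfx    # do not leave the private key on the share
```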