?
Solved

Import Cert issue

Posted on 2016-11-07
15
Medium Priority
?
55 Views
Last Modified: 2016-11-14
When trying to renew cert for Exchange 2013, After importing the new cert it says at "Pending request " status. IF I go into the MMC and check the certs. it shows up there but not assign to friendly name. I have tried this multiple times.

I feel like I am missing something silly.
0
Comment
Question by:jyoung127
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 3
  • +1
15 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 41877328
Can you goto to cert properties and check if friendly name is given or not.
0
 

Author Comment

by:jyoung127
ID: 41877336
Nope if I go to mmc/ add the certificates and look at the new imported cert. it shows everything but friendly name = <none>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41877391
Ensure that the imported certificate is including the private key.

Some simple was to test it:
Option 1: On the MMC console, notice if the certificate icon shows a Key.
Option 2: Right click the certificate, select the option export, and check if the process asks you to include the private key (If that option is not available the certificate does not have the private key included or at least it was not set as exportable).

If it was the case you will need to complete the process again (Because Exchange will not recognize the certificate as valid, and it will be in pending state, until the certificate includes the private key).
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:jyoung127
ID: 41877399
There is no Key next to the Cert in mmc. I followed the import process for this
I imported the Intermediate cert
and followed the wizard in Admin console for Exchange. Not sure what else to try.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41877405
Ok, how did you make the certificate request process?
- Using the Exchange Administrative Center (web administrative console), or....
- Using Exchange Management Shell, or...
- Other method (i.e. MMC console, certutil command, other).

Are you using a public CA?
0
 

Author Comment

by:jyoung127
ID: 41877408
Used Exchange Administrative Center,
I followed : https://www.godaddy.com/help/exchange-server-2013-install-a-certificate-4774
0
 
LVL 16

Accepted Solution

by:
Todd Nelson earned 2000 total points
ID: 41877500
I've almost always had issues with importing a renewed cert or new cert into Exchange 2013 using the EAC.  The EMS is much more reliable--and you should never need to use the MMC.  But if you must renew using EAC, use this reference ... http://exchangeserverpro.com/renewing-an-ssl-certificate-for-exchange-server-2013/

And if you are going to use any reference documentation, use TechNet or Digicert.  GoDaddy's documentation is subpar at best.
0
 

Author Comment

by:jyoung127
ID: 41877560
Do yo have a link on how to use The EMS ?  I have already tried with EAC multiple times and it does not work.
0
 

Author Comment

by:jyoung127
ID: 41879390
Update I got busy working on some other issues. I will look at this in more detail tomorrow and report back.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41883883
jyoung127, will you give an update of your progress?
0
 

Author Comment

by:jyoung127
ID: 41886476
Sorry for the delay , I will look at this today and let you know. I have never done it using command before might take me a bit to figure out. Any good tips?
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41886481
It will be ok just following the reference links from Todd of the command line or the process involving the GUI (However, at the end the GUI is just an interface to generate the commands that make the task). But with the commands many more settings and details can be customized.
0
 

Author Comment

by:jyoung127
ID: 41886703
So I am just renewing the current SSL what command would I need. I only see if I am doing a new.
When following this link : https://oddytee.wordpress.com/2014/09/09/exchange-2013-certificate-commands/


If I do it through the GUI It will not go from pending.

I am not sure if it matters but this was auto renew by Godaddy.
0
 

Author Closing Comment

by:jyoung127
ID: 41886735
I feel like such a rookie today. I figure out I was not rekeying the Cert in GOdaddy site.
Thanks for the help.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month11 days, 17 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question