Trouble importing SSL Certificate from GoDaddy for Exchange 2013
Ok so due a hick up our SSL cert on the exchange 2013 expired last night and this morning we had no exchange server.
I've we've bought another SSL cert downloaded it from Go Daddy but I am having trouble installing it.
So far I've Installed an Intermediate Certificate
and it appears in Certificate
Apparently I should get a new certificate with “Pending request” but it doesn't appear
I am at total lose any help would be great
Thanks
Ian.
Instruction I've followed
To Install an Intermediate Certificate in Microsoft Exchange Server 2013
1.Click Start, and then click Run....
2.Type mmc, and then click OK. The Microsoft Management Console (Console1) window opens.
3.In the Console1 window, click File, and then select Add/Remove Snap-in.
4.In the Add or Remove Snap-ins window, select Certificates, and then click Add.
5.In the Computer Account window, select Computer Account, and then click Next.
6.In the Select Computer window, select Local Computer, and then click Finish.
7.In the Add or Remove Snap-ins window, click OK.
8.In the Console1 window, click + to expand the Certificates (Local Computer) folder on the left.
9.Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
10.In the Certificate Import Wizard window, click Next.
11.Click Browse to find the intermediate certificate file.
12.In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
13.In the Certificate Import Wizard window, click Next.
14.Select Place all certificates in the following store, and then click Browse.
15.In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
16.In the Certificate Import Wizard window, click Next.
17.Click Finish.
18.Click OK.
19.Close the Console1 window, and then click No to remove the console settings.
To Install an SSL Certificate in Microsoft Exchange Server 2013
1.Log in to the Exchange Admin Center.
2.From the left menu, select Servers, and then click Certificates.
3.Select your certificate (it has a “Pending request” status), and then click Complete.
4.For File to import from, enter the certificate file path we provided (such as \\server\folder\coolexampl
5.In the Certificates section, select your certificate again (the status changed to “Valid”), and then click Edit (pencil icon).
6.Click Services, select the services to which the certificate applies (SMTP, UM, UM call router, IMAP, POP, and/or IIS), and then click OK. Your certificate is now ready to use with Exchange 2013.
d
I've we've bought another SSL cert downloaded it from Go Daddy but I am having trouble installing it.
So far I've Installed an Intermediate Certificate
and it appears in Certificate
Apparently I should get a new certificate with “Pending request” but it doesn't appear
I am at total lose any help would be great
Thanks
Ian.
Instruction I've followed
To Install an Intermediate Certificate in Microsoft Exchange Server 2013
1.Click Start, and then click Run....
2.Type mmc, and then click OK. The Microsoft Management Console (Console1) window opens.
3.In the Console1 window, click File, and then select Add/Remove Snap-in.
4.In the Add or Remove Snap-ins window, select Certificates, and then click Add.
5.In the Computer Account window, select Computer Account, and then click Next.
6.In the Select Computer window, select Local Computer, and then click Finish.
7.In the Add or Remove Snap-ins window, click OK.
8.In the Console1 window, click + to expand the Certificates (Local Computer) folder on the left.
9.Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
10.In the Certificate Import Wizard window, click Next.
11.Click Browse to find the intermediate certificate file.
12.In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
13.In the Certificate Import Wizard window, click Next.
14.Select Place all certificates in the following store, and then click Browse.
15.In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
16.In the Certificate Import Wizard window, click Next.
17.Click Finish.
18.Click OK.
19.Close the Console1 window, and then click No to remove the console settings.
To Install an SSL Certificate in Microsoft Exchange Server 2013
1.Log in to the Exchange Admin Center.
2.From the left menu, select Servers, and then click Certificates.
3.Select your certificate (it has a “Pending request” status), and then click Complete.
4.For File to import from, enter the certificate file path we provided (such as \\server\folder\coolexampl
5.In the Certificates section, select your certificate again (the status changed to “Valid”), and then click Edit (pencil icon).
6.Click Services, select the services to which the certificate applies (SMTP, UM, UM call router, IMAP, POP, and/or IIS), and then click OK. Your certificate is now ready to use with Exchange 2013.
d
Last Comment
Hi,
what is that certificate mail.wiseman.co.uk doing in intermediate cert store? That is you certificate for exchange, I guess?
It should be in Personal store of Exchange. Move it there..
what is that certificate mail.wiseman.co.uk doing in intermediate cert store? That is you certificate for exchange, I guess?
It should be in Personal store of Exchange. Move it there..
ASKER
Hi Ivan
Thanks for you help
That step seems to be missing from my instruction ok so I've now imported the cert using the ... 3 dots - and it went through no problem but still isn't showing as pending
I've tried to install it again and got and error because it said the cert was already there see image below
Any ideas?
Thanks for you help
That step seems to be missing from my instruction ok so I've now imported the cert using the ... 3 dots - and it went through no problem but still isn't showing as pending
I've tried to install it again and got and error because it said the cert was already there see image below
Any ideas?
Hi,
can you refresh that certificate page? Or logout, login from ECP..
If you have reissued certificate from GoDaddy site, then you will not have "pending" request.
When you import certificate, either via ..., or when you import it via Personal store, then when logged to ECP, certificate should show up there. Refresh page.
can you refresh that certificate page? Or logout, login from ECP..
If you have reissued certificate from GoDaddy site, then you will not have "pending" request.
When you import certificate, either via ..., or when you import it via Personal store, then when logged to ECP, certificate should show up there. Refresh page.
ASKER
Ok so imported the cert before I saw your comment about placing the cert in the personal store - I've now imported into the personal store.
I've refreshed several time and logged in and out of ECP but cert still isn't displaying :-(
Any ideas?
Thanks for your help
Ian.
I've refreshed several time and logged in and out of ECP but cert still isn't displaying :-(
Any ideas?
Thanks for your help
Ian.
Hi,
when you open that certificate, on main page, does it says that you have a private key that corresponds to this certificate?
Regards,
Ivan.
cert.jpg
when you open that certificate, on main page, does it says that you have a private key that corresponds to this certificate?
Regards,
Ivan.
cert.jpg
ASKER
No it doesn't screen show what it says
Ok, you need to generate private key for that certificate. To do that, from cmd, (open it via run as admin), type:
certutil –repairstore my <serial number>
To find serial number, open certificate, go to details, and "serial number" should be second field. Type it without spaces, or use "".
Like:
certutil –repairstore my "14 b0 cf dd 0a 58 3d ab 42 fb 6a 08 57 32 03 fd"
or
certutil –repairstore my 14b0cfdd0a583dab42fb6a085
After that you should have a private key, and it will show up in ECP.
certutil –repairstore my <serial number>
To find serial number, open certificate, go to details, and "serial number" should be second field. Type it without spaces, or use "".
Like:
certutil –repairstore my "14 b0 cf dd 0a 58 3d ab 42 fb 6a 08 57 32 03 fd"
or
certutil –repairstore my 14b0cfdd0a583dab42fb6a085
After that you should have a private key, and it will show up in ECP.
ASKER
Ok I'll do that now
I just checked with powershell and the cert doesn't appear to be installed even thought ecp is say it is but not listed
Woud you expect that to be the case?
Ian
I just checked with powershell and the cert doesn't appear to be installed even thought ecp is say it is but not listed
Woud you expect that to be the case?
Ian
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Its working now Ivan - there no friendly name coming up in the ECP - but all the client are connecting
Thank you so much for your help - the instruction from Godaddy were way off and I would have been really stuck with out you and Expert Exchange
Thank You
Ian.
Thank you so much for your help - the instruction from Godaddy were way off and I would have been really stuck with out you and Expert Exchange
Thank You
Ian.
Hi,
you can add friendly name. Go to MMC --> certificate --> find your cert, and then open it and on first screen you will see "Friendly name".
Just add name there, and after refresh you can see it in ECP :)
Glad to help.
Regards,
Ivan.
you can add friendly name. Go to MMC --> certificate --> find your cert, and then open it and on first screen you will see "Friendly name".
Just add name there, and after refresh you can see it in ECP :)
Glad to help.
Regards,
Ivan.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
if you have not done a new certificate request, then you will not see a "Pending request" button.
Simple install certificate into store, from that Certificates page, go to ... (3 dots) and select import certificate. After that you can enable it for the same services as old one was used. Those will be IIS, and maybe some other.
Click on old certificate, and see for what services was it enabled. Then click on new certificate, and you will have option to enable it for services.
Regards,
Ivan.