leop1212
asked on
renew certificate for exchange 2010 procedure
We have exchange 2010 expiring and I Just renewed it on Certificate for Exchange website and they regenerated new certificate with updated dates.
I was able to import intermediate certificate, but I can’t import or renew certificate in Exchange management console with CRT file supplied.
If I do import it ask me for a private key which I don’t have and if I create new CSR request and try to complete pending request its giving me an error “cannot import certificate as certificate with current thumbprint already exists.
What is the easiest and safest way to update certificate without any down time?
PS I do have many protocols and autodiscover and few other items listed on my current one I and don’t remember all the details of my current one
I was able to import intermediate certificate, but I can’t import or renew certificate in Exchange management console with CRT file supplied.
If I do import it ask me for a private key which I don’t have and if I create new CSR request and try to complete pending request its giving me an error “cannot import certificate as certificate with current thumbprint already exists.
What is the easiest and safest way to update certificate without any down time?
PS I do have many protocols and autodiscover and few other items listed on my current one I and don’t remember all the details of my current one
ASKER
I am not trying to assign service to certificate i am trying to renew expiring one.
Where did you renew the certificate?
ASKER
on my certificate provider website - https://www.secureserver.net/ssl/ssl-certificate.aspx?ci=1790&prog_id=417826&plid=417826
I did renew certificate once i paid for it. (renew didn't required new CSR) it just updated expiration date on CRT
I did renew certificate once i paid for it. (renew didn't required new CSR) it just updated expiration date on CRT
Do you see pending certificate request in the list of Exchange Certificates?
ASKER
yes I do see renew pending when I created renew certificate from EMC but when I do complete pending request i am getting this error
error “cannot import certificate as certificate with current thumbprint already exists.
while when I check via MMC under personal certificates I do see both old (expiring next month) and renewed ( expiring in 2020)
which I added via MMC
new one has a new thumbprint when I check detail not the same as the old on.
error “cannot import certificate as certificate with current thumbprint already exists.
while when I check via MMC under personal certificates I do see both old (expiring next month) and renewed ( expiring in 2020)
which I added via MMC
new one has a new thumbprint when I check detail not the same as the old on.
Start, Run, mmc,
Add Certificates snap-in for Computer account
Check certificates under Personal.
If you see certificate with matching thumbprint delete it (or better make a backup first and delete it).
Complete your pending request.
Add Certificates snap-in for Computer account
Check certificates under Personal.
If you see certificate with matching thumbprint delete it (or better make a backup first and delete it).
Complete your pending request.
ASKER
will i have any problem with a private key?
What kind of problem?
I believe you can not complete pending certificate request, because you will find a certificate with matching thumbrint already installed.
Export this certificate.
Then complete certificate request. After that you will assign new certificate to Exchange services.
I believe you can not complete pending certificate request, because you will find a certificate with matching thumbrint already installed.
Export this certificate.
Then complete certificate request. After that you will assign new certificate to Exchange services.
ASKER
I Just deleted old certificate , click on completing pending request pointed to a new one and it did take it,
however, pending request status didn't change
I do see new certificate in MMC under personal , however in EMC it says still pending?????
when I go to Digicert to test certificate it still show me he old one which is about to expire
however, pending request status didn't change
I do see new certificate in MMC under personal , however in EMC it says still pending?????
when I go to Digicert to test certificate it still show me he old one which is about to expire
1. After deleting certificate with matching thumbprint you should import the file from CA authority to complete pending request.
2. You did not assign new certificate to any services, that is why you are seeing old certificate.
If you are not sure, where are you at. Delete pending request, create new request and repeat the procedure. You will be issued a new certificate.
2. You did not assign new certificate to any services, that is why you are seeing old certificate.
If you are not sure, where are you at. Delete pending request, create new request and repeat the procedure. You will be issued a new certificate.
ASKER
i deleted pending , created new CSR have pending in EMC
go to complete pending browse to the CRT and it process it. I can see new certificate in personal with new dates but in EMC status doesn't change from pending to a certificate and I can't assign any services.
new certificate was generated from original csr by CA provider .
something is not matching
go to complete pending browse to the CRT and it process it. I can see new certificate in personal with new dates but in EMC status doesn't change from pending to a certificate and I can't assign any services.
new certificate was generated from original csr by CA provider .
something is not matching
Did you get any error when completing request?
Can you run this command frok powershell?
Do you see your new certificate?
Can you run this command frok powershell?
dir Cert:\LocalMachine\My
Do you see your new certificate?
ASKER
I didn't get any errors I added screenshot of powershell reply
i do see new certificate in mmc however pending status is still on EMC and I cant' assign any services
exch2010.JPG
i do see new certificate in mmc however pending status is still on EMC and I cant' assign any services
exch2010.JPG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
please see an error attached
error3.JPG
error3.JPG
ASKER
I regenerated new certificate and it did work .
thank you Toni for working with me.
thank you Toni for working with me.
NP, mate.
Patience. ;)
Patience. ;)
Assign Services to a Certificate
https://technet.microsoft.com/en-us/library/dd351257(v=exchg.141).aspx