Unable to complete creating self-signed certificate for Exchange 2010

scraftaus used Ask the Experts™
Trying to renew / create a new self-signed certificate on Exchange 2010 running on Windows SBS 2011 Standard.

Followed this guide to create the new certificate:

After completing the certificate request the certificate disappears from within Exchange Management Console.

I researched this and found this guide:

I ran the certutil -repairstore my "SerialNumber" command
Then attempted the Enable-ExchangeCertificate command.

But I end up with the error:
The certificate with thumbprint XXXXX was found but is not valid for use with Exchange Server (reason: PkixKpServerAuthNotFoundInEnhancedKeyUsage)

I have not been able to find a solution when I searched for this error.
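
The reason code in the error above names the Server Authentication enhanced key usage (EKU, OID 1.3.6.1.5.5.7.3.1). As an added example that is not part of the original thread, this PowerShell function reports which EKUs each certificate in the local machine store carries and whether it has a private key; the function name `Get-CertEkuReport` and its parameters are made up for this illustration.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0,
# which is what ships with Windows SBS 2011 / Server 2008 R2.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (RFC 5280)

function Get-CertEkuReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [string]$Thumbprint            # optional: limit the report to one certificate
    )

    $certs = Get-ChildItem -Path $StorePath
    if ($Thumbprint) {
        # Thumbprints copied from a GUI often contain spaces; strip them first.
        $wanted = $Thumbprint -replace '\s', ''
        $certs  = $certs | Where-Object { $_.Thumbprint -eq $wanted }
    }

    foreach ($cert in $certs) {
        # Find the Enhanced Key Usage extension, if the certificate has one.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        } | Select-Object -First 1

        $oids = @()
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -contains $ServerAuthOid) { $state = 'Present' }
            else                                { $state = 'Missing' }
        } else {
            $state = 'No EKU extension'
        }

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuth    = $state
            EkuOids       = ($oids -join ', ')
        } | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey, ServerAuth, EkuOids
    }
}

# List every certificate in the computer's Personal store.
Get-CertEkuReport | Format-List
```

A certificate reported as `Missing` has an EKU list that does not include Server Authentication, which is the condition the reason code describes.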
Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018
Just use Exchange cmdlets using PowerShell.

Use example1 (for Exchange to sign the cert itself)
or example2 if you want to sign it somewhere else in your domain.
David Favor, Fractional CTO
Distinguished Expert 2018

You can also just generate a free https://LetsEncrypt.org cert which all clients understand, so this avoids all the self-signed cert complexities.

The PkixKpServerAuthNotFoundInEnhancedKeyUsage message means your cert is damaged or might have been created with a very old/deprecated cipher which is no longer supported.

Provide the exact command you issued to generate your cert, attached as text, not an image.
Jose Gabriel Ortega Castro, Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

