Link to home
Start Free TrialLog in
Avatar of scraftaus
scraftaus

asked on

Unable to complete creating self-signed certificate for Exchange 2010

Trying to renew / create a new Self Sign certificate on Exchange 2010 running on Windows SBS 2011 Standard.

Followed this guide to created the new certificate:
https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx

After completing the certificate request the certificate disappears from within Exchange Management Console.

I researched this and found this guide:
https://superuser.com/questions/930902/exchange-2010-certificate-missing-after-completing-pending-certificate-signing

I ran the certutil -repairstore my "SerialNumber" command
Then attempted the Enable-ExchangeCertificate command.

But I end up with the error:
The certificate with thumbprint XXXXX was found but is not valid for use with Exchange Server (reason: PkixKpServerAuthNotFoundInEnhancedKeyUsage)

I have not been able to find a solution when I searched for this error.
ASKER CERTIFIED SOLUTION
Avatar of J0rtIT
J0rtIT
Flag of Venezuela, Bolivarian Republic of image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You can also just generate a free https://LetsEncrypt.org cert which all clients understand, so this avoids all the self-signed cert complexities.

The PkixKpServerAuthNotFoundInEnhancedKeyUsage message means your cert is damaged or might have been created with a very old/deprecated cipher which is no longer supported.

Provide the exact command you issued to generate your cert, attached as text, not an image.