Exchange 2010 complete certificate request problem


I was renewing Exchange certificate for my test domain salonovi.cz. I was doing it via EMC console but behind of GUI it is done via certificate request CMDlet. For Example this CMDlet:

New-ExchangeCertificate  -Server 'SERVER1' -FriendlyName 'Your Exchange Certificate Name' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=Country code,S="Region",L="City",O="Organization name",OU="Department Name",CN=CAS Array hostname' -DomainName 'server1.domain.com,'server2.domain.com',...

I am using certificate from Startcom certification authority (however this happened to me also vith GeoTrust), because it is free, so I have passed the request to web browser and generated new certificate, downloaded it and tried to import the certificate to Exchange environment.

First import went OK, but I havent seen pending certificate request to be completed

Second try of import generated an error:

CSR problems

I have checked local certificate store for the computer account and the certificate was there, but didn´t have private key attached to it.

Solution:

Solution is simple. Run the command bellow, where red text is the serial number of your certificate

certutil -repairstore my "SerialNumber"

After running the command certificate with serial number “SerialNumber” will be connected to its private key and pending certificate request will be completed, and you can continue as usual.

Links:

MS KB on support.microsoft.com

 

 

 

Advertisements

2 thoughts on “Exchange 2010 complete certificate request problem

  1. Pingback: SMTP certificate renewal and EDGE subscription | FICILITY.NET

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s