SSL Certificates for Exchange 2010 – Generate a CER file not a REQ file


We use the site Certificates for Exchange to generate a multi-domain certificate. When we did the renewal, the new certificate wouldn’t install because it said PrivateKeyMissing.

So we tried to generate a new certificate request from the Exchange Management Console, but it only generated a .REQ file, not a .CER file. What to do?!

For any other confused occasional Exchange Administrators, here’s what we did.

We needed the multi-domain certificate to cover these names:

  • exchangeserver.company.com
  • autodiscover.company.com
  • servername.company.local
  • autodiscover.company.local

But the Exchange Management Console doesn’t allow you to generate CER format certificates.

After a bit of googling, we found the way to do this (from http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm):

In the Exchange Shell:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=UK, l=London, s=London, o=COMPANY, cn=COMPANY" -DomainName exchangeserver.company.com, autodiscover.company.com, servername.company.local, autodiscover.company.local -PrivateKeyExportable:$true

[Replace company.com etc with your own requirements of course!]

This prints the certificate request to the screen as a block of text, which you can copy to the clipboard (right-click and select Mark, then select the screen area, then hit Enter to copy it).

Now you need to find your certificate in Certificates for Exchange and “Re-Key” it.

Paste in the CER, and re-download the CRT file.

Now, in the Exchange Management Console, refresh and you will see your new request listed. Right-click it and select “Complete certificate request”, and the rest is easy.

By the way, if you get stuck in a loop of doom and can’t seem to delete a certificate using

Remove-ExchangeCertificate -Thumbprint BLABLABLA

because you get an error, then you can delete it by running mmc, adding the Certificates snap-in, and finding the certificate there (the thumbprint is the certificate's SHA-1 hash).
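A pre-flight check for the steps above, as an added example that is not part of the original post: before completing the request, it confirms that the downloaded CRT matches a pending request whose private key is on this server, and it lists installed certificates by thumbprint that have no private key. The file path is hypothetical, and the script assumes the pending request sits in the local machine's Certificate Enrollment Requests store.

```powershell
# Added example, not from the original post. Run in an elevated shell on the
# Exchange server. $CrtPath is a hypothetical location for the downloaded file.
param([string]$CrtPath = 'C:\temp\exchange.crt')

# Load the certificate the CA issued and take its public key as a hex string.
$issued    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CrtPath
$issuedKey = $issued.GetPublicKeyString()

# Assumption: pending requests sit in the machine's Certificate Enrollment
# Requests store, exposed by the certificate provider as LocalMachine\REQUEST.
$pending = @(Get-ChildItem Cert:\LocalMachine\REQUEST)

# The request that owns the private key must carry the same public key.
$match = @($pending | Where-Object {
    $_.HasPrivateKey -and ($_.GetPublicKeyString() -eq $issuedKey)
})

"Issued certificate : $($issued.Subject)"
"SHA-1 thumbprint   : $($issued.Thumbprint)"
"Pending requests   : $($pending.Count)"

if ($match.Count -gt 0) {
    "OK: a pending request on this server holds the matching private key."
} else {
    "MISMATCH: no pending request here matches this certificate's key."
    "Completing the request would leave the certificate without a private key;"
    "re-key the certificate with a request generated on this server."
}

# Installed certificates that are already missing their private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { -not $_.HasPrivateKey } |
    Select-Object Thumbprint, Subject, NotAfter |
    Format-Table -AutoSize
```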

Good luck!

About saasmd

I am an experienced software-as-a-service entrepreneur, based in London, UK. I love building interesting software businesses. My current venture is StorIQ, a platform to help bricks-and-mortar retailers manage their operations more effectively. This blog is a space to share low-level techie stuff that I think other people will find useful.