SSL Certificates for Exchange 2010 – Generate a CER file not a REQ file

We use the site Certificates for Exchange to generate a multi-domain certificate. When we did the renewal, the new certificate wouldn’t install because it said PrivateKeyMissing.

So we tried to generate a new certificate request from the Exchange Management Console, but it only generated a .REQ file, not a .CER file. What to do?!

For any other confused occasional Exchange Administrators, here’s what we did.



But the Exchange Management Console doesn’t allow you to generate CER format certificates.

To do this, after a bit of googling (from

In the Exchange Shell:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=UK, l=London, s=London, o=COMPANY, cn=COMPANY" -DomainName,,, -PrivateKeyExportable:$true

[Replace etc with your own requirements of course!]

This dumps a certificate to the screen which you can copy to clipboard (right-click and select Mark, then select the screen area, then hit enter to copy to clipboard).

Now you need to find your certificate in Certificates for Exchange and “Re-Key” it.

Paste in the CER, and re-download the CRT file.

Now, in Exchange Management console, refresh and you will see your new request listed. Right-click and select “complete certificate request” and the rest is easy.

By the way, if you get stuck in a loop of doom and can’t seem to delete a certificate using

Remove-ExchangeCertificate -Thumbprint BLABLABLA

because you get an error, then you can delete it by running mmc, snap-in the certificate console, and find the certificate (the SHA-1 key is the thumbprint).

Good luck!


About saasmd

I am an experienced software-as-a-service entrepreneur, based in London, UK. I love building interesting software businesses. My current venture is StorIQ, a platform to help bricks-and-mortar retailers manage their operations more effectively. This blog is a space to share low-level techie stuff that I think other people will find useful.
This entry was posted in Techy Stuff. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s