Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Import-ExchangeCertificate cmdlet error

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Import-ExchangeCertificate cmdlet error Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
Import-ExchangeCertificate cmdlet error - 1.Apr.2008 12:25:51 AM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: online 		Folks,

I generated a SAN cert request using the New-ExchangeCertificate cmdlet. I have the third-party cert (A SAN from Verisign) but when I run Import-ExchangeCertificate, it throws this error:

***SNIP***

[PS] C:\>Import-ExchangeCertificate -Path c:\CAS_SAN_cert.p7b | Enable-ExchangeCertificate -Services
IIS
Import-ExchangeCertificate : Cannot import as there already is a certificate with a thumbprint of 1
88590E94878478E33B6194E59FBBB28FF0888D5.
At line:1 char:27
+ Import-ExchangeCertificate  <<<< -Path c:\CAS_SAN_cert.p7b | Enable-ExchangeCertificate -Services
IIS

***SNIP***

Any ideas?

-Greg
Post #: 1
RE: Import-ExchangeCertificate cmdlet error - 2.Apr.2008 12:26:50 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: online 		I was able to get past the issue doing this:

-Deleted the self-signed cert via certificated manager mmc (However, according to the import-exchangecertificate cmdlet a thumbprint still existed for CAS.mydomain.com even after deleting the cert. BTW- I exported the keypair prior to deletion to err on the side of caution.)

-Recreated the cert request via the new-exchangecertificate cmdlet (Be very deliberate when you do this. Exchange requires the certain values are specified during for the request AND your third-party vendor requires specific values as well, e.g., country code, CN, etc.)

-"Replaced" (this is Verisign's term) the SSL SAN cert using my managed PKI account at Verisign. Essentially, you must deactivate/revoke a cert if you've already received one, and then re-request it.

-Imported the new certificate via import-exchangecertificate cmdlet and enabled IIS services... worked like a charm

Feel free to reply to this post if you are experiencing similar issues with the cmdlet, and third-party SSL certificate imports andyou'd like more detail.

-Greg

(in reply to Mediaogre)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Import-ExchangeCertificate cmdlet error Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts