I feel like I must be doing something quite stupid but I can't figure out what.

I have a UCC cert for email1.domain.com, email2.domain.com, webmail.domain.com

I have two CAS servers, email1.domain.com and email2.domain.com; they aren't using Microsoft NLB.

I generated the CSR on email1.domain.com and all went well with importing as well. When I try to import it to email2.domain.com I get the following error.

    [PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint XYZ -Services "SMTP, IIS"
    Enable-ExchangeCertificate : The certificate with thumbprint XYZ was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).
    At line:1 char:27
    + Enable-ExchangeCertificate <<<< -Thumbprint XYZ -Services "SMTP, IIS"

I have tried certutil -repairstore my "certserial#" and re-importing the cert.

If it matters this is a GoDaddy UCC cert. Should I also be adding autodiscover.domain.com to the cert as well for Outlook Anywhere?

Thanks,

PHLiGHT

1 Answer

Your problem is that the second server, the one you didn't generate the CSR on, does not have the private key for the cert and so can't use it. The easiest option is to export the cert from the first server as a PFX file with the private key, then import it on the second.

Sam Cogan
  • Do these directions seem to outline just what I need to do? http://www.digicert.com/ssl-support/pfx-import-export-exchange-2007.htm – PHLiGHT Sep 01 '10 at 03:40
  • Yes, that should do what you need. – Sam Cogan Sep 01 '10 at 06:13
  • Thanks, that did the trick. I wish DigiCert's prices were closer to GoDaddy's because they have excellent support docs. GoDaddy said I was pretty much on my own and would need to contact Microsoft for help. – PHLiGHT Sep 01 '10 at 12:53
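
The export/import described in the answer, as an added example that is not part of the original thread. It assumes the Exchange 2007 Management Shell cmdlet syntax (the version the linked guide covers); `XYZ` is the placeholder thumbprint from the question and the PFX path is hypothetical.

```powershell
# Added example; assumes Exchange 2007 Management Shell cmdlet syntax.
# 'XYZ' is the placeholder thumbprint from the question; $pfx is a hypothetical path.
$thumb = 'XYZ'
$pfx   = 'C:\temp\email-ucc.pfx'

# ---------- On email1 (the server where the CSR was generated) ----------
# The private key only exists here; confirm that before exporting.
if (-not (Get-Item "Cert:\LocalMachine\My\$thumb").HasPrivateKey) {
    throw "Certificate $thumb has no private key on this server; export from the CSR host."
}

# The PFX contains the private key, so encrypt it with a strong password.
# (The export fails if the key was not marked exportable when it was created.)
$pw = Read-Host -AsSecureString 'Password to protect the PFX'
Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Path $pfx -Password $pw

# Copy the PFX to email2 over a trusted channel, then remove it from email1.
Remove-Item $pfx

# ---------- On email2 (the server reporting PrivateKeyMissing) ----------
# If the public-only certificate was imported earlier, delete it from the
# Local Computer\Personal store first so the PFX import is not ambiguous.
$pw = Read-Host -AsSecureString 'Password used for the PFX'
Import-ExchangeCertificate -Path $pfx -Password $pw

# Verify the key came across before assigning services.
if (-not (Get-Item "Cert:\LocalMachine\My\$thumb").HasPrivateKey) {
    throw "Import finished but the private key is still missing for $thumb."
}

# Same command that failed in the question; it should now succeed.
Enable-ExchangeCertificate -Thumbprint $thumb -Services "SMTP, IIS"

# Do not leave a copy of the private key lying around on disk.
Remove-Item $pfx
```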