Cannot Import Certificate to Exchange 2010

  • Thread starter Rateb Abu-Hawieleh
  • Start date Views 2,029
R

Rateb Abu-Hawieleh

#1
I am installing new Exchange 2010 for 2003 migration. I have 2 CAS/HUB Server to be used in the environment. I have requested a new public certificate from Entrust, copied the text from the reuest URL pasted it in notepad, saved it in a crt, cer, pfx and tried them all.

when i import the certificate it does not apear in the EMC, and when i try to enable-exchangecertificate to assign services i get the error " The certificate with thumbprint ?b4 d8 1a 17 25 22 fa b6 23 0c df e8 31 72 d9 18 75 98 fd b2 was not found.
+ CategoryInfo : ObjectNotFound: :)) [Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 78619DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
e

the problem is that somebody removed the exchage certificate request after the .req was submitted to entrust and i cannot do the complete pedning request.

even when i create a new request with the same options and choose to complete pending request, it completes but it still self-signed and cannot assign services to it. when i open it, the certificate information says " this CA certificate root is not trusted, to enable trust isntall this certificate in the trusted root certification authorities store although it is already there."

please help me
 
J

Jonas Andersson [MCITP]

#2
Hi

This sounds like you should delete the pending request and re-create the CSR , save the csr to .req file and give it to Entrust, get the cert text from Entrust, save it to .cer file and then right click the pending certificate process and complete the process by pointing to the .cer file you just saved with the text from Entrust.

Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
 
R

Rateb Abu-Hawieleh

#3
Dear Jonas,

Thanks for quick response:)

this is the answer which I was avoiding, actually I am waiting Entrust support to verify this procedure will not take much time and i will leave as the last choice but I am wondering why is that weired behaviour! do you think there is another method?

I will keep you updated with the progress

BR

Rateb
 
J

Jonas Andersson [MCITP]

#4
Sometimes things just goes wrong :)

Too fast or something like that, when I have these problems, usually you have a login account /portal for the certificate request..

You can always revoke the certificate and create a new one

In your case because of the support, just hold on and wait what they have to say

Normally if you have created the CSR the " complete pending request" will stay in EMC.

Just a control question now, it isn't that you also need to install a intermediate certificate from Entrust?

Verify it by starting an MMC console, add certificates (computer) and check the certificate under Personal. Validate the path/chain.

Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
 
Top