Import Certificate issues.

Not open for further replies.

Mark Chris

I am trying to import a UCC Go-daddy cert into exchange 2010. Im having some problems and seeking assistance. Here is what happened;

*Created CSR request using DigiCerts Exchange 2010 CSR tool.

*Sent the CSR request to GoDaddy.

*Received the crt file back from GoDaddy.

*Use the following command to generate cert request on EMS;

(I removed relevant company info from command)

Set-Content -path " C:\name of csr file" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName " c=US, s=, l=, o=, ou=Information Technology, cn=" -DomainName,, -PrivateKeyExportable $True)

In EMC, under Server Config-Exchange Certs... A pending request appears.

*Ran the following in EMS;

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\ -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS”

*In EMC, I assigned the Services to the new cert.

*My counterpart stated that he messed up the GoDaddy UCC request and submitted a new one and recommended I import the new cert.

*In EMC, removed the certificate I just imported. Leaving the exchange default cert that was installed when I installed exchange 2010. I've enabled this cert and assigned services to it.

*Im my attempts to get the new cert imported... I am receiving the following message;

[PS] C:\Windows\system32>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\crt file
-Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services " IIS"
Cannot import certificate. A certificate with the thumbprint D963C602DA36783C337B40B9E1D5C451B2757405 already exists.
+ CategoryInfo : WriteError: :)) [Import-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7288D023,Microsoft.Exchange.Management.SystemConfigurationTasks.ImportExchangeCertificate

I've tried everything....removing any reference to GoDaddy or the new cert from the Certificate MMC and attempting import. I've tried using the EMS to complete pending request and get the same error;

Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:10
Read file
Exchange Management Shell command completed:
Read binary stream from the file 'C:\cert file name'.
Elapsed Time: 00:00:00
crt file name
Cannot import certificate. A certificate with the thumbprint D963C602DA36783C337B40B9E1D5C451B2757405 already exists.
Exchange Management Shell command attempted:
Import-ExchangeCertificate -Server 'Servername' -FileData '<Binary Data>'
Elapsed Time: 00:00:10

Can someone offer assistance to me... I've followed serveral posts from technet and the web and not making forward progress.

Mark C

Mark Chris

I got this figured out....

to get the default self-signed cert back... ran the new-exchangecertificate cmdlet and BAM!!!! back in business.

then I regenerated my cert with a new csr, donloaded from go-daddy as a " exchange 2007" cert and imported.

Im good to go.

Mark C
Not open for further replies.