Membership Membership:
Latest New User Latest: vpros
Past 24 Hours Past 24 Hours: 0
Prev. 24 Hours Prev. 24 Hours: 0
User Count Overall: 137

People Online People Online:
Visitors Visitors: 11
Members Members: 0
Total Total: 11

NakedMCSE Computer Tech Support Forums

So you have passed all of the exams and you are now out in the real world of windows servers, linux servers and freebsd servers faced with a tech support problem you have never seen before...

Find free online tech support in the forums below, respecting that advice is free, but work beyond advice is not...

The General forum is provided for off topic discussion.

You need a user account to post - please Register or Login.

Online Tech Support Forums
  Forum  Microsoft Tech ...  Exchange Server  Exchange 2007 SSL and "not valid for use with Exchange Server (reason: PrivateKeyMissing)"
Previous Previous
Next Next
New Post 1/5/2010 6:59 AM
119 posts
10th Level Poster

Exchange 2007 SSL and "not valid for use with Exchange Server (reason: PrivateKeyMissing)" 
Modified By Walker  on 1/5/2010 8:02:39 AM)

Exchange 2007 SSL certificates are handled through the Exchange Management Shell using the following commands:

Import-ExchangeCertificate -Path C:\domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

The path specifies where the certificate to be installed is stored on the hard disk. The Services option can be any combination of these values: IMAP, POP, UM, IIS, SMTP. To disable a certificate, set the Services parameter to 'None'.

You can verify that the certificate is enabled by using the following command:

Get-ExchangeCertificate -DomainName

If you need to manually enable a certificate, you will need the thumbprint for the certficate from the above command, which you then can feed to the following command:

Enable-ExchangeCertificate -ThumbPrint THUMBPRINT-GOES-HERE -Services "SMTP, IMAP, POP, IIS"

Very occaisonally you will receive the following error message when trying to import a certificate:

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)

The reason for this is that due to an error in the import commandlet, exchange will sometimes damage a certificate during install.

This is fixable using a combination of the certificates MMC snapin and the exchange management shell:

  1. Open MMC (Microsoft Management Console) to the Certificate Manager (Certificates Snap-in) for the Local Computer account.
  2. Double-Click on the recently imported certificate.
  3. Go to the Details tab.
  4. Click on the Serial Number field and copy down that number.
  5. Open up the exchange management shell.
  6. Type: certutil -repairstore my "SerialNumber" (where SerialNumber is the number you copied down WITH NO SPACES between the digit pairs)

Now you should be able to enable the certificate in Exchange.


Previous Previous
Next Next
  Forum  Microsoft Tech ...  Exchange Server  Exchange 2007 SSL and "not valid for use with Exchange Server (reason: PrivateKeyMissing)"
Send me One Million FREE Guaranteed Visitors