Exchange Wildcard Certificate imported with PowerShell without the password option (PrivateKeyMissing)

by butsch 28. August 2018 19:31

Valid for Exchange 2010/2013/2016

Problem:

You can IMPORT a KEYFILE (password) protected Exchange certificate via PowerShell. The import itself works and the certificate is there, but it is NOT usable for Exchange and is not visible in PowerShell with Get-ExchangeCertificate or in the Exchange Console under Certificates.

Import-ExchangeCertificate
    -Instance <String[]>
    [-Confirm]
    [-DomainController <Fqdn>]
    [-FriendlyName <String>]
    [-Password <SecureString>]
    [-PrivateKeyExportable <$true | $false>]
    [-Server <ServerIdParameter>]
    [-WhatIf]
    [<CommonParameters>]

 

What you did:

You used PowerShell to import a valid WILDCARD certificate into Exchange without the password option. If you do this in the GUI (Console), you have to enter a password if the certificate is protected.

  • The newly imported wildcard does not show up under Get-ExchangeCertificate | fl
  • You are UNABLE to remove the invalid certificate with Remove-ExchangeCertificate -Thumbprint, error: (PrivateKeyMissing)
  • You do NOT see the new certificate in the GUI under Server in the Exchange Console

Remove-exchangecertificate -thumbprint E409F4412C605F44296957CD654EE45522EEC481

The certificate with thumbprint E409F4412C605F44296957CD654EE45522EEC481 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

If you TRY to re-import the same certificate with the GUI:

Already exists

Solution:

OPEN MMC

ADD Certificate Snap-In

COMPUTER

LOCAL COMPUTER

PERSONAL CERTIFICATES

(Be sure that you're using the Certificate Snap-In for the Local Computer account!)

Check whether you find any new certificates WITHOUT the GOLDEN KEY on the left side of the icon. These are the imported certificates where the PRIVATE KEY is missing.

Delete that Certificate if you are sure it's the one you just imported with Exchange Powershell before.

SOLVED – Re-import the Exchange wildcard certificate with the CORRECT options and a KEYFILE (password file) in PowerShell, or simply use the Exchange Console GUI to import the wildcard and enter the password there.
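
The same check, cleanup and re-import can be done from the Exchange Management Shell. This is an added example, not code from the original post: $PfxPath and $BadThumbprint are placeholders you must set, and it uses the -FileData parameter of Import-ExchangeCertificate instead of the -Instance form shown above.

```powershell
# Added example (not from the original post). Run in an elevated Exchange Management Shell.
$PfxPath       = 'C:\certs\wildcard.pfx'          # placeholder: your password-protected PFX
$BadThumbprint = '<THUMBPRINT-OF-BROKEN-IMPORT>'  # placeholder: copy from the list printed in step 1

# 1. List certificates in Local Computer\Personal that have no private key
#    (the entries shown WITHOUT the golden key in the MMC snap-in).
$x509  = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store" -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
$removed = $false
try {
    $noKey = @($store.Certificates | Where-Object { -not $_.HasPrivateKey })
    $noKey | Format-Table Thumbprint, Subject, NotAfter -AutoSize

    # 2. Remove only the certificate you named, and only if its key is really missing.
    $target = $noKey | Where-Object { $_.Thumbprint -eq $BadThumbprint }
    if ($target) {
        $store.Remove($target)
        $removed = $true
        Write-Host "Removed $($target.Thumbprint) ($($target.Subject))"
    } else {
        Write-Warning "No key-less certificate with thumbprint $BadThumbprint found; nothing removed."
    }
}
finally {
    $store.Close()
}

# 3. Re-import the PFX, this time WITH the password so the private key is stored too.
if ($removed) {
    $password = Read-Host -Prompt 'PFX password' -AsSecureString
    $bytes    = [System.IO.File]::ReadAllBytes($PfxPath)
    $imported = Import-ExchangeCertificate -FileData $bytes -Password $password

    # 4. Confirm that Exchange now sees the certificate together with its private key.
    Get-ExchangeCertificate -Thumbprint $imported.Thumbprint |
        Format-List Thumbprint, Subject, HasPrivateKey, Status, Services
}
```

Run step 1 once with the placeholder thumbprint left in place to get the list, then set $BadThumbprint to the entry you imported earlier and run it again.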

 

Please see our important links regarding the handling of Exchange certificates and errors

http://www.butsch.ch/post/Exchange-20102013-POP-or-IMAP-with-Wildcard-Certificate-activation.aspx

  • Check that you import the INTERMEDIATE certificate from your CERT provider
  • Make sure your Exchange VLAN can reach the Internet and the certificate revocation addresses (here is how to check those etc.)

http://www.butsch.ch/post/The-certificate-is-invalid-for-exchange-server-usage-Exchange-2010-SANUC.aspx

http://www.butsch.ch/post/Generate-SAN-UC-Certificate-SSL-on-Exchange-2010.aspx 

http://www.butsch.ch/post/Exchange-2010-Certificate-stays-in-PENDING-REQUEST-after-import.aspx

Exchange with Wildcard and POP3 / IMAP

http://www.butsch.ch/post/Exchange-20102013-POP-or-IMAP-with-Wildcard-Certificate-activation.aspx

 

 

Tags:

Exchange 2010 | Exchange 2013 | Exchange 2016
