Renew a self-signing certificate
I have ISA 2004, Exchange Server 2007 both running Windows 2003 server.
I have a self-signing certificate that was created by the Exchange Server. This certificate will expire in a week. How do I renew this certificate? How can I, if possible, renew it for more than a year?
This certificate was exported and added to the listener property of the Web Publishing Rule in ISA 2004. This rule has OWA and Microsoft-Server-ActiveSync also as the paths.
I have owa and iphone users.
Thank you
ScottL
July 12th, 2010 9:42pm
For Exchange 2007:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"sloeb" wrote in message
news:d1abb593-6cf2-40cf-a038-231493ab5c33...
I have ISA 2004, Exchange Server 2007 both running Windows 2003 server.
I have a self-signing certificate that was created by the Exchange Server. This certificate will expire in a week. How do I renew this certificate? How can I, if possible, renew it for more than a year?
This certificate was exported and added to the listener property of the Web Publishing Rule in ISA 2004. This rule has OWA and Microsoft-Server-ActiveSync also as the paths.
I have owa and iphone users.
Thank you
ScottLEd Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 12th, 2010 10:13pm
After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error:
Export-ExchangeCertificate : Cannot gain access to the private key or it is not
exportable, and as a result cannot export as PKCS-12.
Parameter name: Thumbprint
At line:1 char:27
I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server.
Do I need to do something to it to make it exportable?
I can export the old certificate with the Export-ExchangeCertificate command.
ScottL
July 13th, 2010 7:38pm
There's no point in trying to export a self-signed certificate. It's of no use anywhere else.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"sloeb" wrote in message
news:3fc5936f-507d-4f0a-917d-3ef398e215f6...
After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error:
Export-ExchangeCertificate : Cannot gain access to the private key or it is not
exportable, and as a result cannot export as PKCS-12.
Parameter name: Thumbprint
At line:1 char:27
I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server.
Do I need to do something to it to make it exportable?
I can export the old certificate with the Export-ExchangeCertificate command.
ScottLEd Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 7:25am
After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error:
Export-ExchangeCertificate : Cannot gain access to the private key or it is not
exportable, and as a result cannot export as PKCS-12.
Parameter name: Thumbprint
At line:1 char:27
I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server.
Do I need to do something to it to make it exportable?
I can export the old certificate with the Export-ExchangeCertificate command.
Hi ScottL,
Did you try to export certificate from MMC?
If you still cannot export it from MMC, please renew the certificate again. (add -PrivateKeyExportable:$True)
Get-ExchangeCertificate -Thumbprint "number" | New-ExchangeCertificate -PrivateKeyExportable:$True
After that, try to export the newest certificate from MMC.
Don't forget to enable services on the new certificate.Frank Wang
July 14th, 2010 10:47am
Hi ScottL,
How about your question? Any updates?Frank Wang
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2010 4:26am
The command Get-ExchangeCertificate -Thumbprint "number" | New-ExchangeCertificate -PrivateKeyExportable:$True worked great. I can export it and import it in my ISA server.
Thank you all
ScottLScottL
July 19th, 2010 7:31pm