Hi, I had a working SSL cert (Go-Daddy) imported and enabled on Exchange 2007. Recently, I changed one of its alter subject name from Go-Daddy's SSL Cert manage console. So I have been re-issue a cert file and the current one installed on the server has since been revoked. Now, I have remove the current cert from Exchange with remove-ExchangeCertificate command. I then successfully import the new SSL cert downloaded from Go-daddy. However, when I try to enable it, got error says, "thumbprint was found but is not valid for use (Privatekey Missing)". And I cannot see this cert from get-ExchangeCertificate command. Does this mean I have to re-create a CSR?

Yes, you'll need to regenerate it with the required domain names via Powershell and go through the steps to get the new cert from GoDaddy, import, enable, etc...

Hi Guys, I got it fixed without go through the re-creating hassle. I think the issue was caused by the new SSL Cert does not contain the Privatekey, which originally generated. The key however, is still stored on the Exchange itself. The way to retrieve is to use certutil... First, import the SSL Cert into Certificates management console (mmc->add remove snap-in) with Computer Account. Under Personal->Certificates. Then got the SN of the certificate from Details. With this serial number, use certutil -repairestore my "SN". After that I was able to find the cert by using get-ExchangeCertificate command and then enable it.