Exchange server – Renewed SSL cert have no private key

Posted: July 23, 2021 in Exchange

Exchange server SSL certificate was about to expire,in Exchange control panel created Certificate request

Created Certificate request, purchased new cert and after importing it, i still was seeing “Pending request” instead of new certificate.

Cert was installed in Local machine personal store but without private key (missing “key” icon)

Obtained SSL cert serial number

Created new private key for SSL certificate

certutil -repairstore my "4efaf9cf77fe59a448506e8a92a2b941"

Also, noted cert had no friendly name, so had to create it too:

Get Cert thumbprint:

(Get-ChildItem -Path Cert:\LocalMachine\My\<The thumbprint of your certificate>).FriendlyName = ''

(Get-ChildItem -Path Cert:\LocalMachine\My\e3c38169c22034de908e59c86171aa23c6ad01cc).FriendlyName = ''

After refreshing Exchange control panel, certificate finally appeared, with friendly name, now what’s left was to activate new cert

Enable-ExchangeCertificate –Thumbprint e3c38169c22034de908e59c86171aa23c6ad01cc –Services "IIS, SMTP, POP, IMAP"

Now delete old certificate, after testing access, in web browser i still saw old cert, had to restart IIS service to see new certificate.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s