No announcement yet.

Deleted Exchange SSL certificate, SBS 2011

  • Filter
  • Time
  • Show
Clear All
new posts

  • Deleted Exchange SSL certificate, SBS 2011

    I purchased an SSL certificate using the wizard in Exchange 2010 (SBS 2011). The request was approved and I downloaded the certificate in two parts, the CER and the p7 part. I imported the p7 into the Intermediate Certificate Authorities but I accidently deleted the Go Daddy Exchange Certificate that allows me to complete the pending request.

    Reinstalling the certificate does not install the Exchnage certificate. Is there any way I can recover this?

    Network Engineers do IT under the desk

  • #2
    Re: Deleted Exchange SSL certificate, SBS 2011

    Yes there is, you can repair it. I have had the same problem myself once.
    Open IIS Manager (IIS 6)
    Right click on the site and choose Properties
    Click on tab Directory Security on Server Certificate.
    Start Run MMC and click OK
    Go to File and Add/Remove Snap in
    Click on Add, choose in the Add Standalone Snap-in view the Certificates snap-in and click on Add
    Select Computer account (and this is important, it must be computer account)
    Choose Local computer and click finish
    Close the Add Standalone Snap-in box en click OK in the Add/remove Snap-in screen and go beack to the MMC.

    Install new certificate
    In the Certificates snap - in dialog box , expand Certificates from , right-click the Personal folder , move the pointer to All Tasks , and click Import .
    On the Welcome to the Certificate Import Wizard page , click Next .
    Click the File to Import page , click Browse ... .
    Navigate to the new certificate , click on it and click Open . Then click Next .
    On the Certificate Store page , click Place all certificates in the following store , and then click Browse.
    Select the Personal certificate store in the Select Certificate Store window and click OK .
    Click Next and then Finish to complete the import.
    Pair new certificate to the Private Key
    In the Certificates snap-in , double-click the imported certificate that is in the Personal folder .
    In the Certificate dialog box, click the Details tab , click
    Click the Serial Number in the Field column of the Details tab and write down the serial number .
    Click the Start Menu → Run , type cmd in the Run box and click OK . It opens a command prompt .
    In the command prompt , type the following line : certutil -repair my " serial "
    Note : replace serial number with the serial number listed in step 3 .
    Right-click in the Certificates snap-in Certificates, and select Refresh . The certificate should now have . An associated private key This can be checked by double clicking on the certificate: the bottom of the message should be You have a private key corresponding That pounder with this certificate .
    The certificate now has an associated private key . The IIS Manager can be used to assign to the website . Restored keypaar (certificate)


    • #3
      Re: Deleted Exchange SSL certificate, SBS 2011

      I appreciate all the time you took to walk me through this but the certificate still does not appear in Exchange Certificates in the EMC. CertUtil -repairstore worked fine.

      When I originally installed the certificate, the instruction on Go Daddy said to install it to Intermediate Certificate Authorities.

      Also, when I open IIS 6.0 and click properties, onlt one box opens with a checkbox that says "Enable direct database edite". There are no sites or tabs here.

      Thanks once again for your help. Have I missed something to get the certificate back in EMC?
      Network Engineers do IT under the desk


      • #4
        Re: Deleted Exchange SSL certificate, SBS 2011

        You should be in IIS7 (IIS Manager). The IIS6 manager is there for legacy purposes
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: Deleted Exchange SSL certificate, SBS 2011

          I found the solution. I started the new certificate wizard in the EMC. After I had a cert.req, I selected 're-key' on the Go Daddy site that allowed a new certificate to be issued. Everything works good now. Thanks once again for the help above. I think its great when someone goes through all the time and effort like jantje did trying to share his knowledge.
          Network Engineers do IT under the desk