This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 96%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hi,
I have a problem with importing a new certificate to Exchange 2016 CU23.
I used a command from MS but it's not working.
[PS] C:\Windows\system32>Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('C:\Cert\cert.pfx')) -Password (ConvertTo-SecureString -String 'Password' -AsPlainText -Force)
A special Rpc error occurs on server EXCHANGE2016: The source data cannot be imported or the wrong password was specified.
+ CategoryInfo : ReadError: (:) [Import-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : [Server=EXCHANGE2016,RequestId=3232dd3e-66c7-4d5c-a443-e25f826ad200,TimeStamp=17.10.2
023 10:55:40] [FailureCategory=Cmdlet-InvalidOperationException] A39CF339,Microsoft.Exchange.Management.SystemConf
igurationTasks.ImportExchangeCertificate
+ PSComputerName : exchange2016.contoso.local
I tried to add a cert via exchange powershell and mmc>certificates but I have an error with the wrong password.
When I try to add this cert to a local computer it's working, the password is correct and I can import it.
Any suggestions? How can I import a new cert correctly?
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 13%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
@drClays How are things going on? Please kindly accept the appropriate response as Answer so that others in the community facing similar issues can easily find the solution.
You will need to provide the password for the exported private key for that cert.
IF you dont know it, then export the original cert again with the private key and a new password.
Do you think I provided the wrong password?
I wrote the correct password. On the server this password is not working, on local compute it's working...
Hello @drClays ,
Have you checked if the certificate is already installed on the server? If it is, try removing it and then importing it again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 85%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
I found solution. Use this parameters:
openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx