Exchange 2016 - import cert to exchange - password is incorrect

drClays 146 Reputation points
2023-10-17T11:07:35.08+00:00

Hi,

I have a problem with importing a new certificate to Exchange 2016 CU23.

I used a command from MS but it's not working.

[PS] C:\Windows\system32>Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('C:\Cert\cert.pfx')) -Password (ConvertTo-SecureString -String 'Password' -AsPlainText -Force)
A special Rpc error occurs on server EXCHANGE2016: The source data cannot be imported or the wrong password was specified.
    + CategoryInfo          : ReadError: (:) [Import-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EXCHANGE2016,RequestId=3232dd3e-66c7-4d5c-a443-e25f826ad200,TimeStamp=17.10.2
   023 10:55:40] [FailureCategory=Cmdlet-InvalidOperationException] A39CF339,Microsoft.Exchange.Management.SystemConf
  igurationTasks.ImportExchangeCertificate
    + PSComputerName        : exchange2016.contoso.local

User's image

I tried to add a cert via exchange powershell and mmc>certificates but I have an error with the wrong password.

When I try to add this cert to a local computer it's working, the password is correct and I can import it.

Any suggestions? How can I import a new cert correctly?

Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,110 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,400 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,392 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Andy David - MVP 142.7K Reputation points MVP
    2023-10-17T11:37:55.5033333+00:00

    You will need to provide the password for the exported private key for that cert.

    IF you dont know it, then export the original cert again with the private key and a new password.


  2. TCZELH 1 Reputation point
    2023-11-27T11:27:40.4433333+00:00

    I found solution. Use this parameters:

    openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx
    
    0 comments No comments