Hi @Mahmoud Teleb,
Welcome to the Microsoft Q&A platform!
It looks like you're creating a certificate request (CSR) for your Exchange Server 2019 CU12 and encountering an issue with the format of the request file. The error "This file is invalid for use as the following: Personal Information Exchange" suggests that the file you generated is not in the correct format for the task you're attempting.
Here's a step-by-step guide to correctly create and use the CSR file:
- Create the CSR (Certificate Signing Request):
Use the following PowerShell command to generate a Base64-encoded CSR file, which is more commonly used for submission to a CA.
$csr = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US,o=Woodgrove Bank,cn=mail.woodgrovebank.com" -DomainName autodiscover.woodgrovebank.com,mail.fabrikam.com,autodiscover.fabrikam.com
Set-Content -Path '\\FileServer01\Data\woodgrovebank.req' -Value $csr
This will create a CSR in the proper format for you to submit to your CA.
- Submit the CSR to the CA:
- On your CA server, open the Certification Authority console.
- Right-click on the CA name -> All Tasks -> Submit a new request.
- Browse to the file woodgrovebank.req
that you created and submit it.
- Issue the Certificate:
- Once the request is submitted, go to Pending Requests in the Certification Authority console.
- Find your request, right-click on it, and choose 'Issue.'
- Go to the Issued Certificates section, find your certificate, right-click on it, and choose 'Export' to export the certificate (in DER encoded .cer file format).
- Import the Certificate to Exchange Server:
Use the following PowerShell command to import the certificate to the Exchange server:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "\\FileServer01\Data\woodgrovebank.cer" -Encoding Byte -ReadCount 0)) -FriendlyName "WoodgroveBankCertificate"
- Enable the Certificate for Exchange Services:
Use the following PowerShell command to enable the certificate for the required Exchange services (e.g., IIS, SMTP):
Enable-ExchangeCertificate -Thumbprint <ThumbprintGenerated> -Services IIS,SMTP
Replace <ThumbprintGenerated>
with the actual thumbprint from the imported certificate.
By following these steps, you should be able to create a CSR, submit it to your CA, obtain the certificate, and import it into your Exchange Server 2019 CU12.
Please feel free to contact me if you have any queries.
Best,
Jake Zhang