Creating a Certificate for Exchange Server 2019 Issue

Mahmoud Teleb 0 Reputation points
2024-08-25T11:55:23.7166667+00:00

I tried to create a certificate for Exchange Server 2019 CU12. I've designated my Active Directory as a Certificate Authority (CA), then I've created a CSR on Exchange by running the following commands:

$binrequest = New-ExchangeCertificate -GenerateRequest -BinaryEncoded -SubjectName "c=US,o=Woodgrove Bank,cn=mail.woodgrovebank.com" -DomainName autodiscover.woodgrovebank.com,mail.fabrikam.com,autodiscover.fabrikam.com

[System.IO.File]::WriteAllBytes('\\FileServer01\Data\woodgrovebank.pfx', $binrequest.FileData)

When I try to open the certificate request file, a message appears that says "This file is invalid for use as the following: Personal Information Exchange".

So, what must I do to take the request file and put it into the Certificate Authority to create the certificate and import it into Exchange Server 2019 CU12?


1 answer

  1. Jake Zhang-MSFT 5,055 Reputation points Microsoft Vendor
    2024-08-26T07:20:32.9333333+00:00

    Hi @Mahmoud Teleb,

    Welcome to the Microsoft Q&A platform!

    It looks like you're creating a certificate request (CSR) for your Exchange Server 2019 CU12 and encountering an issue with the format of the request file. The error "This file is invalid for use as the following: Personal Information Exchange" suggests that the file you generated is not in the correct format for the task you're attempting.

    Here's a step-by-step guide to correctly create and use the CSR file:

    1. Create the CSR (Certificate Signing Request):

       Use the following PowerShell command to generate a Base64-encoded CSR file, which is more commonly used for submission to a CA.

       $csr = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US,o=Woodgrove Bank,cn=mail.woodgrovebank.com" -DomainName autodiscover.woodgrovebank.com,mail.fabrikam.com,autodiscover.fabrikam.com
       Set-Content -Path '\\FileServer01\Data\woodgrovebank.req' -Value $csr

       This will create a CSR in the proper format for you to submit to your CA.

    2. Submit the CSR to the CA:

       - On your CA server, open the Certification Authority console.

       - Right-click on the CA name -> All Tasks -> Submit a new request.

       - Browse to the file woodgrovebank.req that you created and submit it.

    3. Issue the Certificate:

       - Once the request is submitted, go to Pending Requests in the Certification Authority console.

       - Find your request, right-click on it, and choose 'Issue.'

       - Go to the Issued Certificates section, find your certificate, right-click on it, and choose 'Export' to export the certificate (in DER encoded .cer file format).

    4. Import the Certificate to Exchange Server:

       Use the following PowerShell command to import the certificate to the Exchange server:

       Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "\\FileServer01\Data\woodgrovebank.cer" -Encoding Byte -ReadCount 0)) -FriendlyName "WoodgroveBankCertificate"

    5. Enable the Certificate for Exchange Services:

       Use the following PowerShell command to enable the certificate for the required Exchange services (e.g., IIS, SMTP):

       Enable-ExchangeCertificate -Thumbprint <ThumbprintGenerated> -Services IIS,SMTP
    

       Replace <ThumbprintGenerated> with the actual thumbprint from the imported certificate.

    By following these steps, you should be able to create a CSR, submit it to your CA, obtain the certificate, and import it into your Exchange Server 2019 CU12.

    Please feel free to contact me if you have any queries.

    Best,

    Jake Zhang
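
An added example, not part of the original question or answer and not Microsoft's code: the `-BinaryEncoded` switch in the question produces a DER-encoded PKCS#10 request, so the error comes from the `.pfx` extension rather than from the bytes. The PowerShell sketch below classifies a file by its content before it is submitted to the CA or imported; the function names `Skip-DerHeader` and `Get-CertFileKind` and the sample byte arrays are constructed for illustration.

```powershell
function Skip-DerHeader([byte[]]$Bytes, [int]$Offset) {
    # Return the offset of the contents that follow one tag and its length octets.
    $len = $Bytes[$Offset + 1]
    if ($len -lt 0x80) { return $Offset + 2 }       # short-form length
    return $Offset + 2 + ($len -band 0x7F)          # long form (0x80 = indefinite)
}

function Get-CertFileKind {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -lt 16) { return 'Unknown' }

    # Text check on printable ASCII only, so ANSI and UTF-16 files both match.
    $n = [Math]::Min($Bytes.Length, 128)
    $head = -join ($Bytes[0..($n - 1)] |
        Where-Object { $_ -ge 0x20 -and $_ -lt 0x7F } | ForEach-Object { [char]$_ })
    if ($head -match '-----BEGIN (NEW )?CERTIFICATE REQUEST-----') { return 'Base64 PKCS#10 request' }
    if ($head -match '-----BEGIN CERTIFICATE-----') { return 'Base64 certificate' }

    if ($Bytes[0] -ne 0x30) { return 'Unknown' }    # all formats below start with SEQUENCE
    $i = Skip-DerHeader $Bytes 0
    if ($Bytes[$i] -eq 0x02 -and $Bytes[$i + 1] -eq 1 -and $Bytes[$i + 2] -eq 3) {
        return 'PKCS#12 (PFX)'                      # PFX: INTEGER version 3 comes first
    }
    if ($Bytes[$i] -ne 0x30) { return 'Unknown' }
    $j = Skip-DerHeader $Bytes $i
    if ($Bytes[$j] -eq 0xA0) { return 'DER certificate' }    # [0] version tag of a v3 certificate
    if ($Bytes[$j] -eq 0x02 -and $Bytes[$j + 1] -eq 1 -and $Bytes[$j + 2] -eq 0 -and
        $Bytes[$j + 3] -eq 0x30) {
        # INTEGER 0 then a SEQUENCE: a request's subject Name, unless that SEQUENCE
        # opens with an OID (AlgorithmIdentifier of a v1 certificate with serial 0).
        $k = Skip-DerHeader $Bytes ($j + 3)
        if ($Bytes[$k] -eq 0x06) { return 'DER certificate' }
        return 'DER PKCS#10 request'
    }
    return 'Unknown'
}

# Constructed samples: leading bytes only, no real request or key material.
$derRequest = [byte[]](0x30,0x82,0x02,0xA0, 0x30,0x82,0x01,0x88, 0x02,0x01,0x00,
                       0x30,0x45, 0x31,0x0B,0x30,0x09,0x06)
$pfxFile    = [byte[]](0x30,0x82,0x0A,0x00, 0x02,0x01,0x03, 0x30,0x82,0x09,0xF0,
                       0x06,0x09,0x2A,0x86,0x48,0x86)
$textReq    = [Text.Encoding]::ASCII.GetBytes("-----BEGIN NEW CERTIFICATE REQUEST-----`r`nMIIC")

'-BinaryEncoded output : ' + (Get-CertFileKind $derRequest)
'exported PFX          : ' + (Get-CertFileKind $pfxFile)
'Set-Content .req file : ' + (Get-CertFileKind $textReq)
# On a real file: Get-CertFileKind ([IO.File]::ReadAllBytes('\\FileServer01\Data\woodgrovebank.req'))
```

A PKCS#10 request carries only the public key and requested names, so the private key stays with the pending request on the Exchange server that generated it.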

