Share via

How do you install SSL Certificate with or without CSR

DevVon B. Pettway 0 Reputation points
2025-06-23T19:52:18.3933333+00:00

I got the following from a 3rd party vendor on installing a certificate.

Steps to Update the Certificate Without a New CSR

  1. Import the renewed certificate  

   - Copy the new certificate file (.cer) to your Exchange server.

   - Open an elevated Command Prompt and run:

     ```cmd

     certutil -addstore my "C:\path\to\your\certificate.cer"

     ```

   - This will add the certificate to the Local Machine > Personal store.

 

  1. Bind the renewed certificate to the existing private key  

   - Run the following command to associate the new certificate with the existing private key:

     ```cmd

     certutil -repairstore my "

Community Center Not monitored
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Mr Humayun 155 Reputation points
    2025-06-23T20:01:14.3533333+00:00

    Hi,

    Thank you for reaching out. The steps you've provided are generally correct for updating a certificate without generating a new CSR, especially for Exchange servers. However, if these steps don't align with your server environment, it could be due to differences in your configuration or server platform. Here are a few adjustments based on common scenarios:

    For Exchange Servers:

    1. Import the renewed certificate: Use the following command to import the certificate: 
         cmd
   Copy
   certutil -addstore my "C:\path\to\certificate.cer"
      Bind the certificate to the existing private key: You can link the new certificate to the existing private key with: 
         cmd
   Copy
   certutil -repairstore my "<serial_number>"
      Verify the certificate: Run the following PowerShell command to confirm the new certificate is installed: 
         powershell
   Copy
   Get-ExchangeCertificate | Format-Table Subject, Thumbprint, NotAfter
      Assign Exchange services: Use the thumbprint of the new certificate to enable the necessary services: 
         powershell
   Copy
   Enable-ExchangeCertificate -Thumbprint <NewThumbprint> -Services IIS,SMTP,POP,IMAP
      Remove the old certificate (optional): If everything is working as expected, you can remove the old certificate: 
         powershell
   Copy
   Remove-ExchangeCertificate -Thumbprint <OldThumbprint>

    For Non-Exchange Servers:

    If you are not using Exchange, the process will vary. For example, in IIS, you can:

    Import the certificate via the IIS Manager under "Server Certificates."

    Bind the certificate to your site through the "Bindings" option, selecting the new certificate.

    Common Issues:

    Certificate Chain Issues: Ensure the certificate chain is complete (including intermediate certificates).

    Private Key Association: If the certificate fails to bind to the private key, you may need to regenerate the certificate or re-import the private key.

    I hope this helps. Let me know if you need further assistance, and I'll be happy to assist you!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.