Exchange 2016 Certificate import problem

PaulH 41 Reputation points
2022-02-07T18:00:31.233+00:00

We have a wildcard certificate for our organization's external presence. It works with our older Exchange 2010 servers and we had no problem importing and using it on those platforms. However, we are migrating to Ex2016 as a stepping stone to Exchange Online.

When I use the EMS cmdlet:

Import-ExchangeCertificate -FileName "C:\temp\star_skld_com.crt" -Password (ConvertTo-SecureString -String 'PASSWORD' -AsPlainText -Force)

I get no errors and what looks like a successful import. However, when I look at the certificates:

Get-ExchangeCertificate | where {$_.Status -eq "Valid"} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter

The new certificate does not show in the list.

If I delete the certificate from the Certificate MMC and import the certificate again, it still does not show in either EMC or that same command in EMS.

I cannot find anything relating to this problem and how to solve it.

Exchange | Exchange Server | Management

Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2022-02-07T20:09:06.347+00:00

    Probably shows as invalid:

    Get-ExchangeCertificate
    

    Looks like you are not importing the private key.
    Remove the one that isn't working from the 2016 Server, then:

    The easiest way to fix it is to export the cert from the 2010 servers with the private key and password to a *.pfx file.

    Then import that to the 2016 servers

    Ensure that the complete cert chain is installed on the 2016 servers as well.

    You can verify:
    https://www.digicert.com/support/tools/certificate-utility-for-windows
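
The export and import sequence described in this answer, as an added PowerShell example that is not part of the original thread. The thumbprint placeholder and the PFX path are assumptions, and each part runs in the Exchange Management Shell of the server named in its comment.

```powershell
# Added example, not from the thread. Assumed values: $pfxPath and the thumbprint placeholder.
# Run the two shared lines plus Part 1 on Exchange 2010, then the shared lines plus Part 2 on 2016.
$pfxPath = 'C:\temp\wildcard.pfx'                              # hypothetical path
$pfxPass = Read-Host -Prompt 'PFX password' -AsSecureString    # avoids a plaintext password in history

# --- Part 1: Exchange 2010 server that holds the working certificate ---
$thumb = '<THUMBPRINT-OF-WORKING-CERT>'    # placeholder; read it from Get-ExchangeCertificate
$src = Get-ExchangeCertificate -Thumbprint $thumb
if (-not $src.HasPrivateKey) {
    throw "Certificate $thumb has no private key on this server; export it from another one."
}
$export = Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Password $pfxPass
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

# --- Part 2: Exchange 2016 server, after copying the PFX across ---
# Pre-flight: a .crt/.cer file imports without error but carries no private key,
# so confirm the key is in the file before handing it to Exchange.
$probe = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass)
$hasKey = $probe.HasPrivateKey
$probe.Reset()                             # release the temporary key material
if (-not $hasKey) { throw "$pfxPath contains only the public certificate." }

$bytes = [System.IO.File]::ReadAllBytes($pfxPath)
$imported = Import-ExchangeCertificate -FileData $bytes -Password $pfxPass

# Post-import check: list every status, not only "Valid", so a failed import is visible.
$check = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
$check | Format-List Subject, Thumbprint, HasPrivateKey, Status, Services, NotAfter
if (-not $check.HasPrivateKey -or $check.Status -ne 'Valid') {
    Write-Warning 'Certificate is not usable yet: check the private key and the intermediate/root chain.'
}

# The PFX holds the private key: delete it from both servers once the import is confirmed.
# Remove-Item $pfxPath
```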


2 additional answers

  1. Joyce Shen - MSFT 16,701 Reputation points
    2022-02-08T06:11:32.893+00:00

    Hi @PaulH

    Yes, as Andy suggested above, we need to export the certificate with the private key into a PFX file and import that into Exchange 2016.

    To export the certificate from Exchange 2010, follow the steps below:

    1. Open EMC
    2. Go to Server Configuration
    3. Select the server which has working certificate
    4. In the right lower pane you will see the certificate.
    5. Right click the certificate and select “Export Exchange Certificate”.
    6. Browse a location, select pfx format and give password to the export file and click Export.

    A related link here: Export a certificate from Exchange 2007/2010 and Import in Exchange 2013
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.



  2. PaulH 41 Reputation points
    2022-02-08T13:52:56.423+00:00

    Thanks for the help. Technically both answers work; however, I am marking AndyDavid's response as the answer. Not sure if anyone gets cred for being correct. :)
