error in SSL cert?

[QwertyJuan]

Welcome to the Exchange Management Shell!

Full list of cmdlets: get-command
Only Exchange cmdlets: get-excommand
Cmdlets for a specific role: get-help -role *UM* or *Mailbox*
Get general help: help
Get help for a cmdlet: help <cmdlet-name> or <cmdlet-name> -?
Show quick reference guide: quickref
Exchange team blog: get-exblog
Show full output for a cmd: <cmd> | format-list

Tip of the day #11:

Pushd and Popd work the same way in the Exchange Management Shell as they do in
cmd.exe. Type:

Pushd <location>

[PS] C:\Program Files\Microsoft\Exchange Server\Bin>Enable-ExchangeCertificate -
Thumbprint 8AE00C8779EC255D7EB62371D00038867084D328 -Services "SMTP,IIS"
Enable-ExchangeCertificate : The certificate with thumbprint 8AE00C8779EC255D7E
B62371D00038867084D328 was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint 8AE00C8779EC255D7EB62371D0003886
7084D328 -Services "SMTP,IIS"
[PS] C:\Program Files\Microsoft\Exchange Server\Bin>

I get this when I try to import the cert I got from GoDaddy... what did I do wrong? Or what did they do wrong?

 

[berky]

(reason: PrivateKeyMissing).

There's your problem. you can't import a public key without having the private key. if this is from godaddy, don't they manage that part? i've never used them or any other similar service, so i don't know how exactly it works.

did you submit a CSR to them? what steps did you go through up to this point?

 

[QwertyJuan]

The URL owa.MYDOMAINHERE.com is being hosted here at work.

 

[berky]

but did you create a CSR that you submitted to godaddy? if so, you had to have the private key to do that. what did you do with it?

 

[QwertyJuan]

but did you create a CSR that you submitted to godaddy? if so, you had to have the private key to do that. what did you do with it?

Yes, I created the CSR with exchange 2007, then copied that and pasted it into the web browser and sent it to them. Where do I place the private key? Same folder as the public key I just received?

 

[QwertyJuan]

P.S. The private key is still sitting in the root of c:\ it's a *.csr file right?

 

[berky]

no, the private key is usually a .key file. the .csr is the Certificate Signing Request.

honestly I don't know how you import the private key, but it certainly sounds like you need to either put it in the right directory or import it in somehow. I've only ever done certs on linux-based OS's.

 

[PTNL]

GoDaddy's site has SSL installation instructions for a variety of server platforms.

 

[QwertyJuan]

I followed those instructions....

 

[berky]

did you find your private key?

 

[QwertyJuan]

Found the problem... in between the time I made the cert request, and the time I recived it, I was playing with the server, and I used selfssl.exe to make a self-signed cert. I was trying to make sure my Exchange server was working(it is).... regardless, all I had to do was 're-key' the cert)as advised by godaddy, and BAM, it worked like a charm.