Exchange 2007 Certificate import error
I am trying to import a new certificate for Exchange Server 2007 to replace the old one. In the Exchange Shell I type in the following:
New-ExchangeCertificate -generaterequest -SubjectName "C=US, S=Ohio, l=Columbus, O=Our company name, CN=mail1.ourcompany.org" -domainname *.ourcompany.org,autodiscover.ourcompany.org,activesync.ourcompany.org, -Services "SMTP",IMAP,POP,"IIS" -privatekeyexportable:$true -path c:\cert_PKCS_10_2009.txt
I always get the error below. What I noticed on the actual error is, where it says ‘New-ExchangeCertificate’, there is a + sign in front of the word New but there is no + sign in the command that I paste in. Could this be the issue? Is this command written properly?
Error:
New-ExchangeCertificate : A parameter cannot be found that matches parameter na
me 'System.Object[]'.
At line:1 char:24
+ New-ExchangeCertificate -generaterequest -SubjectName "C=US, S=Ohio, l=Columbus, O=Our company name, CN=mail1.ourcompany.org" -domainname *.ourcompany.org,autodiscover.ourcompany.org,activesync.ourcompany.org, -Services "SMTP",IMAP,POP,"IIS" -privatekeyexportable:$true -path c:\cert_PKCS_10_2009.txt
Thanks for any insight you can provide on this.
All Replies
- The syntax should be like this:
New-ExchangeCertificate -GenerateRequest -Path c:\mail_ourcompany_com.csr -KeySize 2048 -SubjectName "c=US, s=Ohio, l=Columbus, o=Our company name, ou=Messaging, cn=mail.ourcompany.org" -DomainName *.ourcompany.org, autodiscover.ourcompany.org, activesync.ourcompany.org -PrivateKeyExportable $True
Two things to note here:
1) I put in the OU Messaging, you might want to change that
2) I have no experience with wildcard certificates. But with SAN/UC, you will need to repeat the Subject common Name (mail.ourcompany.org) in the list of Subject Alternative Names. With your wildcard (*.ourcompany.org) you sort of have done that, but someone else must tell if that will work. What would have worked is: mail.ourcompany.org.
But don't just copy and paste it. Go in here and have this code generator generate your PowerShell script. You don't have to buy a certificate from DigiCert to use their Exchange 2007 CSR Tool.
https://www.digicert.com/easy-csr/exchange2007.htm
You should use the -Services when you enable the certificate.
P.S. Now first I see that you want to import a new certificate. The syntax is like this:
Import-ExchangeCertificate -Path C:\Cert\certnew.cer -FriendlyName "Exchange Certificate" | Enable-ExchangeCertificate -Services "IIS, POP, IMAP"
Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
- Hi,
Did you try it without the *.ourcompany.org ? This is what is listed in the Technet article:
Use this parameter to populate one or more domain names (FQDN) or server names in the resulting certificate request.
Domain names are restricted to the characters "a-z", "0-9" and the hyphen ("-"). Each domain name cannot be longer than 255 characters.
To enter multiple domain or server names, you must enter the names separated by commas.
Regards,
Johan
blog: www.johanveldhuis.nl
- Hi,
Please visit the below library.
http://technet.microsoft.com/en-us/library/aa997569.aspx
Have a good day, Sachin Shetty| MCP|MCTS|MCITP-EMA|
- If your old Cert has the right FQDNs already, you can pipe it. Try:
Get-ExchangeCertificate -Thumbprint <thumbprint> | New-ExchangeCertificate -GenerateRequest
Oliver
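
The two name checks raised in the replies above (the character rule quoted from the TechNet article, and the advice to repeat the subject common name in the name list), written as a pre-flight check to run before New-ExchangeCertificate. This is an added example, not code from any poster in the thread; Test-CertRequestNames is a hypothetical helper name, and applying the character rule to each dot-separated label is an assumption.

```powershell
# Added example: pre-flight check of the names going into a certificate request.
# Test-CertRequestNames is a hypothetical helper, not an Exchange cmdlet.
function Test-CertRequestNames {
    param(
        [Parameter(Mandatory = $true)][string]   $SubjectName,
        [Parameter(Mandatory = $true)][string[]] $DomainName
    )
    $findings = @()

    # Pull the common name out of the X.500 subject string.
    $cn = $null
    if ($SubjectName -match '(?:^|,)\s*CN\s*=\s*([^,]+)') { $cn = $Matches[1].Trim() }
    else { $findings += "Subject has no CN component" }

    foreach ($name in $DomainName) {
        if ($name.Length -gt 255) { $findings += "'$name' is longer than 255 characters" }
        # Assumption: the a-z / 0-9 / hyphen rule applies to each dot-separated label.
        # -notmatch is case-insensitive, so upper-case letters pass as well.
        foreach ($label in $name.Split('.')) {
            if ($label -notmatch '^[a-z0-9-]+$') {
                $findings += ("'{0}': label '{1}' is outside a-z, 0-9 and '-'" -f $name, $label)
            }
        }
    }

    # The subject CN should also appear literally in the name list.
    if ($cn -and ($DomainName -notcontains $cn)) {
        $findings += "CN '$cn' is not repeated in the name list"
    }
    $findings   # one string per problem found; nothing when the names pass
}

# Values taken from the question in this thread.
$subject = 'C=US, S=Ohio, l=Columbus, O=Our company name, CN=mail1.ourcompany.org'
$names   = '*.ourcompany.org', 'autodiscover.ourcompany.org', 'activesync.ourcompany.org'
Test-CertRequestNames -SubjectName $subject -DomainName $names |
    ForEach-Object { Write-Warning $_ }
```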


