locked
Exchange Certificate RRS feed

  • Question

  • Good day

    Recently my exchange certificate expired and renew it,I have got two Cas server,when I renew it,I uploaded it to 1 Cas server and assuming that it will replicate to another server,its not replicating to another Server and i was forced to switch off the Cas server without valid certificate because if is on,outlook display a message of expired certificate.I have tried to import the certificate but not working.May somebody please advise on other way i can use to make it replicate?I ma using exchange 2013 and Server 2012 OS

    Thursday, April 2, 2015 6:20 AM

Answers

  • Certificates don't replicate - you need to export the certificate (with its private key) and import that onto the second CAS.
    Thursday, April 2, 2015 1:54 PM
  • This should help you for 2013:

    http://exchangeserverpro.com/exchange-2013-ssl-certificate-export-import/

    You may have to install intermediate certificates on the second server as well. In practice, I have found that if the previous intermediate certificate is still valid, you can still use it.

    EDIT: remember to export the private key as well since, by default, it will only be present on the server that made the original certificate request.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Thursday, April 2, 2015 2:52 PM

All replies

  • Certificates don't replicate - you need to export the certificate (with its private key) and import that onto the second CAS.
    Thursday, April 2, 2015 1:54 PM
  • This should help you for 2013:

    http://exchangeserverpro.com/exchange-2013-ssl-certificate-export-import/

    You may have to install intermediate certificates on the second server as well. In practice, I have found that if the previous intermediate certificate is still valid, you can still use it.

    EDIT: remember to export the private key as well since, by default, it will only be present on the server that made the original certificate request.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Thursday, April 2, 2015 2:52 PM
  • Hi

    I have done export and import but when i import,i got the message that thumbprint exist

    Friday, April 10, 2015 5:37 AM
  • Let's be sure we understand your process.  You exported the certificate from the server it is currently installed on, and when asked if you wanted to include the private key, you said yes.  Then you took this certificate to the other server and attempted to import it.  This is where you got the error that the key exists?  Are you sure you exported the new certificate and not the pre-existing one?  The only way the key should exist is if the certificate was already on the second server, and the only key you've told us about on the second server is the original key.
    Friday, April 10, 2015 1:39 PM
  • How is this going? Have you made any progress?

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, April 17, 2015 7:22 PM