locked
Renovar Certificado Exchange 2007 SP3 RRS feed

  • Pregunta

  • Buenas Gente,

    Les comento que esto teniendo un problema a la hora de renovar mi certificado auto firmado, aqui dejo lo que hago y el error:

    [PS] C:\Documents and Settings\admingd\Desktop>New-ExchangeCertificate -verbose
    VERBOSE: New-ExchangeCertificate : Beginning processing.
    VERBOSE: Generate certificate: FriendlyName="Microsoft Exchange",
    SubjectName="cn=nearbas1004", DomainName="nearbas1004, nearbas1004.nearba.net",
     Services="SMTP", KeySize="2048"
    WARNING: An unexpected error has occurred and debug information is being
    generated: Access is denied.
    New-ExchangeCertificate : Access is denied.
    At line:1 char:24
    + New-ExchangeCertificate <<<<  -verbose
        + CategoryInfo          : NotSpecified: (:) [New-ExchangeCertificate], Cry
       ptographicException
        + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicExcept
       ion,Microsoft.Exchange.Management.SystemConfigurationTasks.NewExchangeCert
      ificate

    No logro identificar donde esta el problema ya que el certificado me funciona bien desde hace un año y ahora lo queria renovar ya que se me esta por vencer.

    Saludos.


    Gaston Dominguez

    lunes, 23 de julio de 2012 14:19

Respuestas

Todas las respuestas

  • Hola,

    Revisa esta web donde está explicado de modo sencillo cómo renovar un certificado autofirmado para Exchange 2007, http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/


    Saludos,

    Marc
    Microsoft MVP - Directory Services
    Microsoft Certified System Administrator 2003
    Microsoft Certified System Engineer 2003
    Microsoft Certified Solutions Associate 2008 Core
    Microsoft Certified IT Professional: Enterprise Administrator, Enterprise Messaging Administrator, Lync Server Administrator 2010
    MCC: Microsoft Community Contributor
    Citrix CCA
    Visita mi blog en ITPro.es
    MCP Virtual Bussines Card

    martes, 24 de julio de 2012 9:42
    Moderador
  • Hola Marc,

    Gracias por el link, ya ejecute esos mismos comando en el shell de exchange 2007 pero aun asi me sigue arrojando el error:

    [PS] C:\Documents and Settings\admingd\Desktop>get-ExchangeCertificate -domain n
    earbas1004.nearba.net | fl


    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                         ssControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.example.com.ar, example.com.ar, nearbas1004.nearba.n
                         et, nearbas1004}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=mail.example.com.ar
    NotAfter           : 23/08/2012 9:38:06
    NotBefore          : 23/08/2011 9:38:06
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 1739C1B9DEC76B9349B545C41FE86E2D
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=mail.example.com.ar
    Thumbprint         : 0518D2050DD68B18D4BF4A044C651D7BEB7E74EC

     

    [PS] C:\Documents and Settings\admingd\Desktop>Get-ExchangeCertificate -Thumbpri
    nt 0518D2050DD68B18D4BF4A044C651D7BEB7E74EC | New-ExchangeCertificate
    WARNING: An unexpected error has occurred and debug information is being
    generated: Access is denied.
    New-ExchangeCertificate : Access is denied.
    At line:1 char:103
    + Get-ExchangeCertificate -Thumbprint 0518D2050DD68B18D4BF4A044C651D7BEB7E74EC
    | New-ExchangeCertificate <<<<
        + CategoryInfo          : NotSpecified: (:) [New-ExchangeCertificate], Cry
       ptographicException
        + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicExcept
       ion,Microsoft.Exchange.Management.SystemConfigurationTasks.NewExchangeCert
      ificate


    Gaston Dominguez

    martes, 24 de julio de 2012 12:09
  • Hola de nuevo,

    Mira si aquí tienes la solución al problema de "Access denied": http://social.technet.microsoft.com/forums/en-US/exchangesvradmin/thread/bd209455-7601-4e34-a7aa-c9a6d7eaf0c3/


    Saludos,

    Marc
    Microsoft MVP - Directory Services
    Microsoft Certified System Administrator 2003
    Microsoft Certified System Engineer 2003
    Microsoft Certified Solutions Associate 2008 Core
    Microsoft Certified IT Professional: Enterprise Administrator, Enterprise Messaging Administrator, Lync Server Administrator 2010
    MCC: Microsoft Community Contributor
    Citrix CCA
    Visita mi blog en ITPro.es
    MCP Virtual Bussines Card

    • Marcado como respuesta gastonmd14 martes, 24 de julio de 2012 18:29
    martes, 24 de julio de 2012 14:02
    Moderador
  • Gracias Marc, me faltaban heredar los permisos sobre la carpeta RSA para poder generar un nuevo certificado.

    Saludos.


    Gaston Dominguez

    martes, 24 de julio de 2012 18:30