Exchange 2007 SSL Problem - "not valid for use with Exchange Server (reason: PrivateKeyMissing)"

Jan5

Written by:David Aldridge
1/5/2010 7:50 AM 

Sometimes you will receive the following error message when trying to import a certificate:

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)

This is due to an error in the import commandlet, and exchange will sometimes damage a certificate during install.

This can be repaired using a combination of the certificates MMC snapin and the exchange management shell:

  1. Open the MMC (Microsoft Management Console) to the Certificate Manager (Certificates Snap-in) for the Local Computer account.
  2. Double-Click on the recently imported certificate.
  3. Go to the Details tab.
  4. Click on the Serial Number field and copy down that number.
  5. Open up the exchange management shell.
  6. Type: certutil -repairstore my "SerialNumber" (where SerialNumber is the number you copied down WITH NO SPACES between the digit pairs)

Now you should be able to enable the certificate in Exchange.

TrackbackPrint
Location: BlogsDavids Support Blog
Tags:

Your name:
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Title:
Comment:
Security Code
Enter the code shown above in the box below
Add Comment  Cancel 
You must be logged in and have permission to create or edit a blog.