PrivateKeyMissing Exchange Certificate Install
I was trying to renew my UCC certificate for my Exchange 2010 server. All was going fine until I tried to enable the certificate. I got the following error message:
Enable-ExchangeCertificate : The certificate with thumbprint *** was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing). At line:1 char:27 + Enable-ExchangeCertificate -Thumbprint *** -Services "IIS"
- Open MMC and add the Certificate Snap-In for the Local Computer account.
- Double-Click on the recently imported certificate.
- Select the Details tab.
- Click on the Serial Number field and copy that string.
- Open up a command prompt session. (cmd.exe aka DOS Prompt)
- Type: certutil -repairstore my “SerialNumber” (SerialNumber is that which was copied down in step 4.)
- After running the above command, go back to the MMC and Right-Click Certificates and select Refresh (or hit F5 in the MMC)
- Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: “You have a private key that corresponds to this certificate.“
- Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.
Note: In Windows Server 2008 it will be the certificate missing the golden key beside it.
Note: You may use CTRL+C, but not right-click and copy.
Note: In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.