Scenario:
I have a LAB, with Exchange 2010 / Exchange 2013 in coexitence:
- 1 Exchange 2010 CHM
- 2 DAG servers with FrontEnd and Backend roles and HAProxy load balancer
I have selected renew Exchange Certificate from EMC and got certificate request. Requested certificatee renewal on Startcom Certification authority -> Completed pending request
Problem:
When I was trying to renew certificate for SMTP / TLS, I started to get error message on the Picture.
It was not possible to do anything with certificates in EMC, because list was empty.
Solution:
- Run EMS
- List certificates
Get-ExchangeCertificate | Select Status,Thumbprint,Notafter,Services | ft -Autosize
- In the list you will see pending requests
- Complete pending request
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path Z:Z_DOKUMENTYSALONOVI.CZSMTP_certifikat_renewal_2013_2.cer -Encoding byte -ReadCount 0))
- Check certificate if it is valid
Get-ExchangeCertificate <Thumbprint> |fl ; Thumprint from previous command
- Assign services to certificate (Requires confirmation to overwrite existing SMTP certificate)
Get-ExchangeCertificate <Thumbprint> | Enable-ExchangeCertificate -Services SMTP
- Once CSR is completed an all certificates are in place, it is possible to access certificates in EMC again.