I was renewing the Exchange certificate for my test domain salonovi.cz. I was doing it via the EMC console, but behind the GUI it is done via a certificate request cmdlet. For example, this cmdlet:
New-ExchangeCertificate -Server 'SERVER1' -FriendlyName 'Your Exchange Certificate Name' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=Country code,S="Region",L="City",O="Organization name",OU="Department Name",CN=CAS Array hostname' -DomainName 'server1.domain.com','server2.domain.com',...
I am using a certificate from the Startcom certification authority (however, this also happened to me with GeoTrust), because it is free, so I passed the request to the web browser, generated a new certificate, downloaded it and tried to import the certificate into the Exchange environment.
The first import went OK, but I didn't see the pending certificate request being completed.
The second import attempt generated an error:
I checked the local certificate store for the computer account and the certificate was there, but it didn't have a private key attached to it.
The solution is simple. Run the command below, where the red text is the serial number of your certificate:
certutil -repairstore my "SerialNumber"
After running the command, the certificate with serial number “SerialNumber” will be connected to its private key, the pending certificate request will be completed, and you can continue as usual.
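The check and repair described above can be scripted. The following is an added example, not part of the original post: the function name Repair-CertificateKeyLink and the subject filter '*salonovi.cz*' are assumptions, and it must be run from an elevated PowerShell prompt on the server that generated the request.

```powershell
function Repair-CertificateKeyLink {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Wildcard matched against the certificate subject (assumed value, adjust it).
        [Parameter(Mandatory = $true)]
        [string]$SubjectLike
    )

    # The "my" (Personal) store of the computer account, as checked in the post.
    $storePath = 'Cert:\LocalMachine\My'

    # Certificates that were imported but are not bound to a private key.
    $orphans = Get-ChildItem -Path $storePath |
        Where-Object { -not $_.HasPrivateKey -and $_.Subject -like $SubjectLike }

    foreach ($cert in $orphans) {
        Write-Host ("No private key: {0}  serial {1}" -f $cert.Subject, $cert.SerialNumber)

        if ($PSCmdlet.ShouldProcess($cert.SerialNumber, 'certutil -repairstore my')) {
            # Same command as in the post, with the serial number filled in.
            & certutil.exe -repairstore my $cert.SerialNumber | Out-Null
            $exitCode = $LASTEXITCODE

            # Re-read the certificate by thumbprint to confirm the key is now attached.
            $after = Get-Item -Path "$storePath\$($cert.Thumbprint)"
            [pscustomobject]@{
                Subject       = $after.Subject
                SerialNumber  = $after.SerialNumber
                CertutilExit  = $exitCode
                HasPrivateKey = $after.HasPrivateKey
            }
        }
    }
}

# First list what would be repaired, then run the repair.
Repair-CertificateKeyLink -SubjectLike '*salonovi.cz*' -WhatIf
Repair-CertificateKeyLink -SubjectLike '*salonovi.cz*'
```

A result row with HasPrivateKey still False means the matching private key is not on this machine, which happens when the request was generated on a different server.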