Here we are going to
learn how we can create certificate request in Exchange 2013 version
via Exchange Admin Center and what error may come with its immidiate
solution. In Exchange Server 2013 version we use web-based Exchange
Admin Center as the GUI for managing Exchange in place of Exchange
Management Console. By doing this there comes a little change in
process for requesting and importing certificates and now file share
and file name is required.
When all this is finished and try to generate
specify a share via accessing network, you may recieve following
error on your screen:-
You have to assign the correct permission on the
file that you are using to check that you can write your certificate
request, and read the resulting certificates.
On immediate note you can do one thing
modify Exchange Trusted Subsystem Group and permission that you have
chosen earlier. And try to re attempt certificate request so that
Exchange Admin Center should be enough capable to write certificate
request successfully.
OTHER ERROR OF EXCHANGE CERTIFICATE
Error message:- "The certificate with
thumbprint... was found but is not valid for use with Exchange Server
." OR
“Private Key Missing”
Now we come to some depth like what exactly
happens in behind the screen.
As we all know that an SSL
Certificate is very easy
way to refer, two distinct but related files. These files are called
a public key and private key. These files usually combined with the
Exchange for example in a .p12, .pfx, or keystore file.
In the time of requesting for the certificate you
create a private key and certificate signing request that is also
called CSR. This private key remains safe on Server and CSR is a data
file that has the collection of Certificate Authority like DigiCert®.
This is used in creation of private key without making any changes
in private key itself.
After installing process, certificate is paired
with private key which is the resource for the generation of CSR.
Because without matching private key it is difficult to install certificate.
There are two most common reason that can be responsible for this type of error message:-
The first cause is related with private key
like it is lost, deleted, or never existed on the server in the first
place and the reason behind this is that you cannot enable your
certificate files for Exchange Server.
The second notion is not that much clear
because sometimes it happens that administrators get this error code
even, when the entire setup of Exchange 2007 is correct but the
private key becomes corrupt without knowing the correct cause it
becomes unusable by Exchange.
By chance, both cause can be solved.
For the first reason or in case of lost or damage
private key, you have to start again by creating a new CSR. This is
very easy to re-issue DigiCert certificates by using same name in the
request. For this you just need to create a new CSR and then login to
your DigiCert Management Console. Then just click on order no and at
last on reissue.
But later on you find some more cause that result
the same error, though it is hard to determine. But here is some
example like a server admin imported the .crt/.cer/.p7b SSL
Certificate files through MMC that cant be created with the Exchange
command line or IIS where the request was generated.
Another reason may be when certificates are
correctly imported by admin on one Server but then backed up the
certificate files to a .pfx without backing up the private key. To
avoid this you must know how to export and import certificate files
in Exchange Server.
But it may happen that duing all this your saved
database may get corrupt that all resides in EDB file. In such case
you can use your backup file and if your backup file get damage then
it is a big issue but there are many software available in market
such as Stellar Phoenix Exchange BKF Repair Tool that is affordable
and available for the Exchange Server version 2007 and 2003.
0 comments:
Post a Comment