OK I think I have it sorted now.
I won’t really know until my certificate expires and the renew process runs end to end.
Just in case some other poor unfortunate comes along and wants to see my solution.
After following the instructions to create the certificate, here are the commands to renew and install.
Task Scheduler Command
C:\LetsEncrypt\letsencrypt.exe
Additional Arguments
--renew --baseuri "https://acme-v01.api.letsencrypt.org/" --script C:\LetsEncrypt\InstallCertificate.cmd
InstallCertificate.cmd
powershell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\V14\Bin\ExShell.Psc1" -command ". 'c:\letsencrypt\InstallCertificate.ps1'"
PowerShell Script
$LogFile = "c:\LetsEncrypt\LetsEncrypt.log"
$startTime = Get-Date
Write-Output "InstallCertificate.ps1 BEGIN $startTime" | Out-File -Encoding ascii -append -filepath $LogFile
Write-Output "InstallCertificate.ps1 Stage 1: Define Password" | Out-File -Encoding ascii -append -filepath $LogFile
# Replace YOURPASSWORD with the password that protects the PFX file
$PfxPassword = ConvertTo-SecureString "YOURPASSWORD" -AsPlainText -Force
Write-Output "InstallCertificate.ps1 Stage 2: Import Certificate into Exchange" | Out-File -Encoding ascii -append -filepath $LogFile
try
{
    # -ErrorAction Stop makes a failed import a terminating error, so the Catch block runs
    Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\Central_SSL\campsie.vjray.com.au.pfx -Encoding byte -ReadCount 0)) -Password:$PfxPassword -ErrorAction Stop
    Echo "InstallCertificate.ps1 Success" | Out-File -Encoding ascii -append -filepath $LogFile
}
Catch
{
    # The error text is in the exception of the caught error record
    Echo $_.Exception.Message | Out-File -Encoding ascii -append -filepath $LogFile
}
Write-Output "InstallCertificate.ps1 Stage 3: Retrieve new certificate thumbprint" | Out-File -Encoding ascii -append -filepath $LogFile
# The previous certificate for this domain may still be installed, so take the one that expires last
$thumbprint = Get-ExchangeCertificate -DomainName campsie.vjray.com.au | Sort-Object NotAfter -Descending | Select-Object -First 1 -ExpandProperty Thumbprint
Write-Output "InstallCertificate.ps1 Thumbprint=$thumbprint" | Out-File -Encoding ascii -append -filepath $LogFile
Write-Output "InstallCertificate.ps1 Stage 4: Modify Exchange Certificate Assigned ServicesCertificate" | Out-File -Encoding ascii -append -filepath $LogFile
try
{
    # -Force suppresses the confirmation prompt, which nobody can answer in a scheduled task
    Enable-ExchangeCertificate -Thumbprint $thumbprint -Services POP,IMAP,IIS,SMTP -Force -ErrorAction Stop
    Echo "InstallCertificate.ps1 Success" | Out-File -Encoding ascii -append -filepath $LogFile
}
Catch
{
    Echo $_.Exception.Message | Out-File -Encoding ascii -append -filepath $LogFile
}
$endTime = Get-Date
Write-Output "InstallCertificate.ps1 END $endTime" | Out-File -Encoding ascii -append -filepath $LogFile
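An added example, not part of the original post: a pre-flight check that could run before Stage 2, reading the PFX password from a DPAPI-protected file instead of a plaintext string and refusing to continue if the renewed PFX is stale, lacks a private key, or names the wrong host. The file name `pfx.pwd`, the function name `Test-RenewedPfx` and the 20-day threshold are assumptions; the paths and domain are the ones used in the post.

```powershell
# Added example. pfx.pwd, Test-RenewedPfx and the 20-day threshold are assumptions.
# One-time setup, run as the account the scheduled task uses (DPAPI ties the file
# to that account on that machine):
#   Read-Host -AsSecureString 'PFX password' | ConvertFrom-SecureString | Set-Content C:\LetsEncrypt\pfx.pwd

function Test-RenewedPfx {
    param(
        [string]$PfxPath,
        [System.Security.SecureString]$Password,
        [string]$DomainName,
        [int]$MinDaysValid = 20
    )
    # Throws if the password is wrong or the file is not a valid PFX
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $Password)
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key' }
    if ($cert.NotBefore -gt (Get-Date)) { $problems += "not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
        $problems += "expires $($cert.NotAfter); renewal probably did not run"
    }
    # Loose name check: the domain must appear in the SAN extension (OID 2.5.29.17),
    # or in the subject when the certificate has no SAN extension.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = if ($san) { $san.Format($false) } else { $cert.Subject }
    if ($names -notmatch [regex]::Escape($DomainName)) { $problems += "does not name $DomainName" }
    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Problems   = $problems
    }
}

$LogFile = 'c:\LetsEncrypt\LetsEncrypt.log'
$PfxPath = 'C:\Central_SSL\campsie.vjray.com.au.pfx'
$PwdFile = 'C:\LetsEncrypt\pfx.pwd'   # assumed file name
if ((Test-Path $PfxPath) -and (Test-Path $PwdFile)) {
    # Decrypts only for the account that created the file
    $PfxPassword = Get-Content $PwdFile | ConvertTo-SecureString
    $check = Test-RenewedPfx -PfxPath $PfxPath -Password $PfxPassword -DomainName 'campsie.vjray.com.au'
    if ($check.Problems.Count -gt 0) {
        "Pre-flight FAILED: $($check.Problems -join '; ')" | Out-File -Encoding ascii -Append -FilePath $LogFile
        exit 1
    }
    "Pre-flight OK, thumbprint $($check.Thumbprint)" | Out-File -Encoding ascii -Append -FilePath $LogFile
}
```

The thumbprint returned by the check identifies exactly the certificate in the PFX, so it can be passed to `Enable-ExchangeCertificate` instead of looking the certificate up by domain name.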