Hi Jon,
I’ve been struggling with this script on Exchange 2010 as well, but I have made a little progress. The error you are getting about PrivateKeyMissing is because Exchange requires a password on the cert. To set the password add -CertificatePassword to the Get-ACMECertificate command in the script:
Get-ACMECertificate $SANcert_alias -ExportPkcs12 $SAN_pfxfile -CertificatePassword ‘Your_Password’
Then you will need to use that password when using ImportExchangeCerificate:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $SAN_pfxfile
-Encoding byte -ReadCount 0)) -Password (ConvertTo-SecureString -String ‘Your_Password’ -AsPlainText -Force)
However, I am not a PowerShell expert and this is where I get stuck. The Import-ExchangeCertificate command outputs the thumbprint of the cert which is then required to enable the cert. We need to run this command:
Enable-ExchangeCertificate -Thumbprint FFDD1D5747341E61DA6E7A2E29C47BEE5BEDE02 -Services POP,IMAP,IIS,SMTP
How do you feed the thumbprint from the output of the Import-ExchangeCertificate command into the Enable-ExchangeCertificate command??
If I can figure that out, then the complete script should run under Exchange 2010.
Pat