0

I am trying to replace an expired certificate for a new one, with 2 years of validation(with IIS GUI to create self signed certificates I got just 1 year), and using exchange management shell, with:

new-exchangecertificate -subjectname "<...>" -domainname <...> -generaterequest:$True -keysize 2048 -path <...> -privatekeyexportable:$True

and then, choose my CA. After that,

certreq.exe -submit -attrib "CertificateTemplate:WebServer" <...>

to set the certificate purpose.

But seems that after double check this cert that there is no private key.

So my question is, how can I add or generate a self signed cert with a private key incorporated to be able to import it to IIS.

marafado88
  • 412
  • 2
  • 9
  • 31

1 Answers1

0

From WS Exchange Management Console, I was able to generate and set a template for certificates(like it was done here: http://www.beaconitservices.com/blog/2014/09/creating-self-signedinternal-ca-certificates-for-exchan...), like a web-server(https), and link it to the current CA:

New-ExchangeCertificate -subjectName “CN=contoso.com” -DomainName contoso.com -GenerateRequest:$True -Keysize 2048 -path c:\temp\contoso.req -privatekeyExportable:$true 

certreq.exe -submit -attrib “CertificateTemplate:WebServer” c:\temp\contoso.req

And then It must be imported to certmgr and after that, exported with the private key allowing me to set it to pkcs(*.pfx). After that I did next without checking any of those options. And set a password for this *.pfx. After that I remove that private key file from the server. In ISS, made import, and went in the exchange webservice and select "bind" HTTPS(443) to use my new certificate.

Dont forget to delete the private key after this procedure.

marafado88
  • 412
  • 2
  • 9
  • 31