I had an issue in my lab today, while I was importing a third party certificate to Exchange 2010. Even after importing the certificate successfully, the console (and shell) had the same status – “This is a pending certificate signing request (CSR)”.
I had a look at the personal certificates store for the local computer and I had my certificate along with all the root & intermediate certs. Restarting the Exchange services didn’t change the status of the certificate in the console.
When I had a closer look at the personal store, I found out that the private key for the certificate was missing for some reason. Now I knew what had to be done
I copied the thumbprint from my certificate in the store (not the thumbprint from Exchange Shell).
I ran Certutil utility with the syntax, Certutil –repairstore My “copied thumbprint”.
The command completed successfully and my issue was solved. The certificate got the private key and Exchange picked up the change as well.
Hello Rajith, any chance you still have the screenshots so I can follow along? I know this is an old post but it would be helpful. Thanks!
I dont have them David, sorry.
You just need to copy the thumbprint from the certificate in the server’s personal store and run the certutil command.
Thanks so much for posting this. Worked like a champ.
Glad it helped you Ken.
Hi Rajith,
If I created a CSR for my UCC Cert and validity of the certificate is 2019, However I am getting pending “this is a pending certificate signing request (csr)” . I am worried would it impact the services or how can I roll back to the earlier.
Hi Shyam,
You can roll back to the earlier cert if it is still valid.
From what you are saying, you need to complete the certificate the CSR request in Exchange and then assign the new cert to various services.
Thanks
Thanks for the tip. It was helpful.
Thanks Jav.
Thanks Raj. Very helpful. Great job.
Glad to help Dinesh