Here is a helpful tip for renewing or replacing the SSL certificate on your Exchange server. In my case I was using an inexpensive service from www.register.com to obtain the SSL certificate, and I accepted the .csr they had saved from the original certificate request a year earlier. The problem is that a .csr is tied to the private key of the server that generated it, so when they issued the certificate the server did not recognize the private key, and enabling it for Exchange produced a pile of red error text saying the certificate could not be used because it had no private key. Since Register.com does not like to reissue certificates, here is the fix:
Go ahead and import the certificate into exchange using the Exchange Management Shell:
Import-ExchangeCertificate -Path <path to your cert goes here, no quotes> (this assumes you have already downloaded the certificate to your server and placed it in an easy-to-locate directory; I use C:\ for ease)
Click Start –> Run and then type MMC, press Enter.
In the MMC console, click the File menu and select Add/Remove Snap-in...
Select Certificates.
Click Add button.
Select Computer account in the dialog box that appears.
Click Finish, then click OK.
Expand Certificates –> Personal –> Certificates
You should see the newly imported certificate without the little golden key icon (the icon indicates that a private key is bound to the certificate). The other certificate you may see is the self-signed certificate generated during Exchange installation.
Now double click on the newly imported certificate and select the Details tab.
Click Serial Number and write down the value, or copy and paste it into a Notepad file. Note that you cannot copy it with the mouse; use Ctrl+C instead.
Open a command prompt, type certutil -repairstore my "serial number of certificate" and press Enter.
Now, refresh the Certificates MMC and you should see the private key paired with the certificate.
You can now enable this certificate on your Exchange server:
Enable-ExchangeCertificate -Thumbprint "your thumbprint goes here" -Services "list the services here, i.e. IIS, SMTP, etc."
Press Enter; you will see a warning about overwriting the existing certificate with the new one. Press y, then Enter, and you are done!
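The whole procedure above as one script, added here as an example and not part of the original post: it imports the certificate, checks the Personal store for a bound private key, runs the certutil repair only when the key is missing, and refuses to enable a certificate whose key still cannot be found on this server. The certificate path and the service list are placeholder assumptions; run it in the Exchange Management Shell on the server that generated the original CSR.

```powershell
# Added example, not from the original post. Placeholders: $certPath, $services.
$certPath = 'C:\newcert.cer'      # placeholder: the downloaded CA-issued certificate
$services = 'IIS, SMTP'           # placeholder: services to bind, as in the post

# Read thumbprint and serial number from the file itself so we repair the right entry.
$file       = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$thumbprint = $file.Thumbprint
$serial     = $file.SerialNumber

# Step 1: import into the local machine Personal ("my") store through Exchange.
Import-ExchangeCertificate -Path $certPath | Out-Null

function Get-StoreCert {
    # Returns the store copy of the certificate, or nothing if it is not there.
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
}

$stored = Get-StoreCert
if ($stored -eq $null) { throw "Certificate $thumbprint was not imported." }

# Step 2: repair only if the private key really is missing (the 'no key icon' case in MMC).
if (-not $stored.HasPrivateKey) {
    Write-Host "No private key bound to $thumbprint; running certutil -repairstore..."
    certutil -repairstore my $serial
    $stored = Get-StoreCert
}

# Step 3: the repair can only succeed if the matching key lives in this machine's key
# store, i.e. the CSR was generated here. Otherwise a fresh CSR is needed; do not enable.
if (-not $stored.HasPrivateKey) {
    throw "Still no private key for $thumbprint; the CSR was not generated on this server. Request a new certificate from a new CSR."
}

# Step 4: bind the certificate to the services. Exchange prompts before overwriting the
# existing binding, exactly as the post describes; answer y.
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services $services
```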
2 Responses to Renew Exchange 2007 Certificate, Missing Private Key
Chris
Nice article. Just checking to see if this bounces or not.
Hope you die and stuff. Thanks.
redflame
I hate you