Fix for Exchange 2007 certificate error: PrivateKeyMissing

By: Christine Fettinger

I recently ran across a strange error while updating a client’s certificate that they use for their Exchange 2007 system. It turns out that it’s a pretty random error, but when it occurs, certificates can no longer be installed or removed in Exchange. The system has either forgotten where it put the Private Key for your certificate or the certificate store is corrupted. With past versions of Exchange you would be using IIS for all the certificate management anyway, but with Exchange 2007 and onward you have to use the Exchange Management Shell to properly manage the certificate for use with your email system.

The error I am referring to follows:
Enable-ExchangeCertificate: The certificate with thumbprint <> was found but is not valid for use with Exchange server (reason: PrivateKeyMissing).

To repair the certificate store, follow the instructions below:

1. Open MMC and add the snap-in for the Certificate Manager for the Local Computer account.

2. Find the imported certificate and double-click to open it.

3. Check the Details tab for the Serial Number and write it down.

4. Open PowerShell.

5. Type: certutil -repairstore my "SerialNumber"

You can now check the status of the certificate by looking at the certificate in Certificate Manager (close or refresh the screen first). You should see the phrase: “You have a private key that corresponds to this certificate.”
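
The same steps scripted in PowerShell, as an added example that is not part of the original post: it reads the serial number from the Local Computer store instead of the MMC Details tab, runs the repair, then re-checks for the private key. The thumbprint value is a placeholder to be replaced with the one shown in the Enable-ExchangeCertificate error.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Exchange server.
# Placeholder: substitute the thumbprint reported in the error message.
$Thumbprint = '<THUMBPRINT-FROM-ERROR>'

# Thumbprints copied from the certificate dialog usually contain spaces.
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()

# "my" in certutil corresponds to Cert:\LocalMachine\My (Personal store
# of the Local Computer account).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $cert) {
    Write-Error "No certificate with thumbprint $Thumbprint in LocalMachine\My."
    return
}

"Subject       : $($cert.Subject)"
"Serial number : $($cert.SerialNumber)"
"HasPrivateKey : $($cert.HasPrivateKey)"

if ($cert.HasPrivateKey) {
    "The store already links this certificate to a private key; no repair needed."
    return
}

# Step 5 of the procedure: re-associate the certificate with its key container.
# This only works if the private key still exists on this machine, i.e. the
# certificate request was generated here.
certutil -repairstore my $cert.SerialNumber
if ($LASTEXITCODE -ne 0) {
    Write-Error "certutil -repairstore failed with exit code $LASTEXITCODE."
    return
}

# Re-read the store entry; the object fetched earlier is stale.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }

if ($cert.HasPrivateKey) {
    "Repaired: private key is now associated. Retry Enable-ExchangeCertificate."
} else {
    Write-Warning "Still no private key. Re-import the certificate together with its key."
}
```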