The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

2017-12-11T11:37:50+00:00 August 3rd, 2012|Exchange|

The following error may be received after running Enable-ExchangeCertificate:

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate -Thumbprint XXXXXXXXX -Services "IMAP"

Solution:

The certificate is damaged and needs to be repaired. This can be due to a number of issues such as the CSR was created with IIS and attempted to be installed through the Exchange Management Shell (EMS), CSR was created in EMS on another Exchange Server. See resolution steps below:

  1. Open MMC and add the Certificate Snap-In for the Local Computer account.
  2. Double-Click on the effected imported certificate.
  3. Select the Details tab.
  4. Click on the Serial Number field and copy that string.
  5. Open command prompt.
  6. Type: certutil -repairstore my "SerialNumber" (SerialNumber is that which was copied down in step 4.)
  7. After running the above command, go back to the MMC and Right-Click Certificates and select Refresh
  8. Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: "You have a private key that corresponds to this certificate."
  9. Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.