Export Certificate in Windows 2022
Problem reported by Lennart Eliasson - 1/24/2022 at 10:17 AM
Resolved
Hello,
We plan to move SmarterMail to Windows 2022.
We have installed SSL from Let's Encrypt, which works fine.
But I cannot export the certificate to a .pfx file.

The certificate is at Certificates/Web Hosting/Certificates, but the script for export goes to Certificates/Personal/Certificates.

The script says: Get-ChildItem -Path 'Cert:\LocalMachine\My' etc.
I have tried changing it to: 'Cert:\LocalMachine\WebHosting'
But the script is still searching for 'My'
What should I use instead of 'My'?

Kyle Kerst Replied
Employee Post
Hello Lennart! I'm sorry to hear you're having trouble with this! The default Let's Encrypt guide we provide will save the certificate to the local machine's personal certificate store, and should automatically associate HTTPS bindings in IIS with the newly added certificate. What error are you getting when exporting the certificate as a PFX file?
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
Robert G. Replied
It may be easier if you post the script with the output error.
GearHost.com
Lennart Eliasson Replied
Oh, sorry. Thanks.

This is the script (ExportCert.ps1):
Get-ChildItem -Path 'Cert:\LocalMachine\WebHosting' | Where-Object { $_.hasPrivateKey } | Where-Object {$_.Subject -like "*mail.domain.com*"} | Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p', '45****************gew',$_.Thumbprint, "C:\Smartermail\Certificates\mail.domain.com.pfx")}

Bat file and error:

C:\SmarterMail\Scripts>ExportCert.bat

Powershell.exe -executionpolicy remotesigned -File c:\SmarterMail\Scripts\ExportCert.ps1

MY "Personal"
CertUtil: -exportPFX command FAILED: 0x80090011 (-2146893807 NTE_NOT_FOUND)
CertUtil: Object was not found.
Kyle Kerst Replied
Employee Post
That looks good to me. The only thing I see is you're trying to select it from 'Cert:\LocalMachine\WebHosting' instead of 'Cert:\localmachine\My' per this KB copy here:

https://portal.smartertools.com/kb/a3466/securing-smartermail-with-lets-encrypt.aspx

LE installs the certificate to the computer's local machine store, rather than the WebHosting store. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
Lennart Eliasson Replied
Marked As Resolution
I used Win-Acme-2 and it saved the certificate in "WebHosting" by default. The problem was that it could not be exported. By deleting the certificate and redoing it, it was finally resolved.

First I had to change in settings.json to "PrivateKeyExportable": true,
Then during the installation I chose to save in [My] - General computer store.
After that the script worked as it should.

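An added example, not code from the thread or from SmarterTools: certutil's -exportpfx reads the My store unless a store name is given before the certificate ID, which matches the `MY "Personal"` line in the error output above, so this sketch exports straight from the store object with Export-PfxCertificate instead. The store path, subject pattern and output path are the ones posted in the thread; prompting for the password, the ACL step and the assumption that the mail service reads the file as SYSTEM are not from the thread, and an unattended run would need the password from a protected source rather than a prompt.

```powershell
# Added example. Paths and subject are from the thread; everything else is an assumption.
$storePath = 'Cert:\LocalMachine\WebHosting'   # or 'Cert:\LocalMachine\My' if saved there
$subject   = '*mail.domain.com*'
$pfxPath   = 'C:\Smartermail\Certificates\mail.domain.com.pfx'

# Pick the newest matching certificate that carries a private key.
$cert = Get-ChildItem -Path $storePath |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like $subject } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with a private key matching $subject in $storePath"
}

# Prompt for the PFX password so it is not stored in the script in clear text.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

try {
    # Overwrites an existing file; -ErrorAction Stop turns a failed export into an exception.
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password -ErrorAction Stop |
        Out-Null
}
catch {
    # A key generated as non-exportable fails here regardless of store. As in the
    # resolution above, reissue with "PrivateKeyExportable": true in settings.json.
    throw "Export of $($cert.Thumbprint) failed: $($_.Exception.Message)"
}

# The PFX holds the private key: drop inherited ACEs and allow only
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18). SIDs avoid localized group names.
# Assumption: the service that loads the PFX runs as SYSTEM.
icacls $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

Write-Output "Exported $($cert.Thumbprint) (expires $($cert.NotAfter)) to $pfxPath"
```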