Home » Exchange Server » How to Complete a Pending Certificate Request in Exchange Server 2013

How to Complete a Pending Certificate Request in Exchange Server 2013

When you are configuring SSL certificates for Exchange Server 2013, after you have generated the certificate request and received the SSL certificate from the certificate authority, you then need to complete the pending certificate request.

In the Exchange Administration Center navigate to Servers -> Certificates. Choose the server you are configuring the SSL certificate for and highlight the certificate that has a status of “Pending request”.

Pending certificate request in Exchange 2013

With the pending request highlighted click on the link to Complete.

Choose to complete the pending request

Enter the UNC path to the certificate that you were issued by the certificate authority, and then click OK.

Provide the path to the certificate file

When the pending request is completed and you return to the main EAC window you will see the status has changed to “Valid”.

The SSL certificate is now valid

When the it is showing as valid you can then assign the SSL certificate to services on the Exchange 2013 server.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

33 comments

  1. Amir says:

    what if the status doesn’t change!!!
    in my scenario , after i receive the certificate from my external CA then click the complete pending request and addressed the .cer file , everything seemed OK but after the wizard completed the status is remained ” pending request”

    Any solution?

  2. Larry says:

    Dear Paul,

    Thank you for all the step-by-step instructions you gave us for Exchange 2013 SSL certificate installation. They are the best.

    I followed your instructions and generated the certificate request for the Exchange 2013 Server and I followed the instructions in this article to complete the pending certificate. After I click the Complete link and enter the UNC path to the file, I get the following error “A special Rpc error occurs on server [server_name]: The source data is corrupted or not properly Base64 encoded”. and I have to cancel the task.

    Can you please suggest a solution? T.hank you

    • I’m guessing something is wrong with the file you downloaded from your CA. If it is a private CA then perhaps try redoing the cert process again. If its a commercial CA then I would contact their support and ask them about it.

  3. Larry says:

    Dear Paul,

    Thank you for your reply. The file was created by following your article http://practical365.com/create-ssl-certificate-request-exchange-2013 (Create an SSL Certificate Request for Exchange Server 2013) . I already repeated the process several times. I also looked at the file by opening it in notepad (no saving). I remember from older times something about the existence or not of a certain character at the end of such a file that could render the file unusable. Is there anything like this? What else can I do?

    Thank you.

  4. Leo says:

    After i follw all your step my Exchnage Server 2013 ask me for “\unc-pathccertificate.PFX”, not .cer? Why?
    Can you help me?
    Thanks

  5. Tim says:

    I got my cert from my CA. I installed the Intermediate Certification Authority as instructed by my CA. Then I imported my crt file according to your instructions. Everything seemed to work, no error notices, except that the certificate status stayed at “Pending Request”. If I repeat the import process I get the error:

    A special Rpc error occurs on server VEXCHANGE: Cannot import certificate. A certificate with the thumbprint 773E7… already exists.

    In the Certificates Console the certificate appears in the Personal – Certificates store on the server. So it looks like the import succeeded but Exchange doesn’t seem to recognize it.

    Any thoughts about what is happening?

  6. Gary Schmidt says:

    Is there any comment on Tim’s situation? I experience the exact same thing. Everything seems to work successfully after Complete Pending Request, butt the certificate remains in Pending status mode.

    • Tim says:

      I eventually got mine working by doing the following:

      1. Carefully went through all settings in the EAC. Fixed a few, apparently minor, inconsistencies. Don’t know if these were the cause of the problem or not.

      2. Deleted the existing certificate request in EAC and generated a new certificate request.

      3. Rekeyed the certificate at my CA using the new request.

      4. Imported the new certificate.

      This time it all worked fine.

  7. Nash Burns says:

    Hi,

    I got the certificate installed via EAC. But the status didn’t change. It still shows as pending. So I checked the certificate store and saw that no private key is assigned. So i repaired it using “certutil -repairstore my” command and that fixed the issues. I can assign/enable certificate for Exchange and everything started working fine.

    But, the EAC still shows the request as pending. Is there anything else I should do to get the certificate reflected in EAC as well?

  8. Amit kumar says:

    Hi Paul,

    In my Scenario when I am trying to import E2k10 Cert to E2k13 server. It is installed successfully but showing Invalid. I am imported certificate to mmc.exe snap in to Trusted , intermediate and personal container. Restarted IIS but still, I am facing same issue. Can you please suggest how to get his done.

    An early reply would be appreciated.

  9. Alfre Nawa says:

    Hello Paul, Could you kindly run an article on How to RENEW A Self signed SSL Certificate in Exchange 2013. I am having a torrid time because all the articles on this subject seem to assume you are using a CA

  10. Elnur says:

    Dear Paul

    Thank you for you article. IT helps me a lot.
    I have a little question, maybe you can help me.
    When i compete the pending request the public certificate appears only in that server where that csr was initiated. When i select second exchange server from the menu i dont see the generated CA certificate even though i select both exchange server in certificate import wizard.

    Recently i had revoked certificate in exchange therefore i renewed that cert. after importing new public CA the changes appeared only in that exchange server where request was initiated. When i select another exchange server i dont see new CA cert.

Leave a Reply

Your email address will not be published. Required fields are marked *