Windows 2008 SBS: The imported certificate does not match you Web site.

It can happen sometimes that you get the warning / error message in the windows 2008 sbs console.

The imported certificate does not match you Web site. Verify that you selected the correct certificate file and then try again
If you do not have another certificate file, contact you certificate service provider

When you try to import a requested certificate. This is an annoying message if you get it. But here are some steps to solve this issue and get a working non-self-issued certificate.
step 1:

Open the Exchange Management Shell ( Powershell for exchange )
Use the following command: Get-ExchangeCertificate
There will be a few certificates shown with a Thumbprint.
This overview will show also the certificates you tried to request.

step 2:

You should have to know if the Thumbprint is one of the shown requested certificates. you can find the Thumbprint on the bought certificate under Details > thumbprint

step 3:

Now you have to start with recovering. The following you have to do. Go to the Detail Tab on the bought certificate.  At the part of Serial number you see a hexadecimal number. Copy this number with CTRL+C
Paste this number in NOTEPAD. open a Command Prompt [ CMD ]
Type there: certutil -repairstore my ‎”copied serial number”
[ note user the quote marks ” ” before and at the end of the serial number ]
At the end of the view you will see CertUtil: -repairstore command completed successfully

step 4:

After running the above command, go back to the MMC and Right-Click Certificates and select Refresh (or hit F5 in the MMC) in SBS 2008 under the console manager ( advanced )
Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: “You have a private key that corresponds to this certificate.”
Note: In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.

step 5:

Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.
Enable-ExchangeCertificate –Services “POP, IMAP, IIS, SMTP”
Thumbprint: [choose the certificate with the correct thumbprint of the bought certificate]
choose [ Y ]

step 6:

In the SBS 2008 Console you can find under network > connectivity >  Web Server Certificate: you will see that the old certificate is still on request pending.
You have to remove this pending request by clicking on the  Remove this trusted certificate. button on the right of the sbs 2008 console.
After you have pushed this button you will see that the trusted certificate is shown in the console. This is the sign that the problem is solved.

step 7:

Now you have to control you web address if you see the correct lock in the address bar. [ tip do this test from internal as well external ]

5 thoughts on “Windows 2008 SBS: The imported certificate does not match you Web site.”

  1. I have a problem with the overall premise of your article but I still think its really informative. I really like your other posts. Keep up the great work. If you can add more video and pictures can be much better. Because they help much clear understanding. 🙂 thanks Ravel.

  2. I came to step 4 (step 5 gave an error), but i could add the new certificate in the Windows SBS console advanced mode after that. Thanks very much.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.