While trying to import a 3rd-party SSL certificate into Exchange I received the following error.
This was odd because it was my first time running through the import process on this server. Puzzled, I refreshed the Exchange Admin Center. As expected, no new certificates showed up. Just the default out-of-the-box certificates that come preinstalled with Exchange.
As a sanity check, I confirmed with PowerShell.
C:\> Get-ExchangeCertificate Thumbprint Services Subject ---------- -------- ------- 87957CA95B833615C71F7735853CE811F96E6117 IP.WS.. CN=EX16-02 40B938448B42F1D596E9DBB0EC666D8666725E07 ....... CN=WMSvc-EX16-02 1C6E03C3BDCBFD76FAA1375B7D2B4ED1291A0FCF ....S.. CN=Microsoft Exchange Server Auth Certificate
But as expected 559642FCD3DD4769D79A457D11875AF9E6E49F3C was not returned.
I then decided to check the Certificates MMC. I fired up MMC, added the Certificates snap-in using Computer Account >> Local Computer. Then I checked the Personal >> Certificates. To my surprise, I saw my certificate and the thumbprint matched.
This was odd. It had somehow made it into the MMC but Exchange couldn’t see it. Even odder it was missing its private key.
How to fix “A certificate with the thumbprint already exists”
From within the Certificates MMC, right-click the certificate and select Delete from the context menu. Click Yes to confirm.
Verify the certificate has been removed from the Certificates MMC. Now repeat your import process through either the Exchange Admin Center or PowerShell. This time it should complete successfully.
I am curious if anyone else has run into this issue. Drop a comment and let me know. Did you use a similar fix?