When I tried to request a certificate from Exchange Management Console i stumbled over a strange behavior.
I ran the “New Exchange Certificate” and created the certificate request.
I then posted the request to the public CA service, and got the certificate back from the provider. Nothing strange there.
But when I tried to complete the request from Exchange console, it did not work. It ran successfully, but the private key was not associated.
I looked in the server’s certificate store certmgr.msc. I then opened the certificate details tab to find the thumbprint field
Then I checked get-exchangecertificate. And guess what. The thumbprint was different.
I therfore tried to run the command
certutil -repairstore My “<thumbprint>” (thumbprint from computer local store)
After this the thumbprint was correct on both local computer store and in Exchange
And finally I could assign Exchange services to the certificate.