I had an issue where I needed to replace the current SSL certificate on Exchange 2010 with the same certificate that had additional SAN names added. Unfortunately, the certificate I was provided was not signed by the provider’s (GoDaddy in this case) private key, so the certificate could not be directly imported. I used OpenSSL to sign the certificate with the provided private key and was able to import the certificate into Exchange successfully after creating a temporary certificate to assign the services to while I removed the existing certificate to import the newly created one.
Using OpenSSL, run the following command to sign the certificate with the provided private key:
openssl pkcs12 -export -in server.mydomain.org.crt -inkey server.mydomain.key -out mycertificate.pfx
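The pkcs12 -export command packages the certificate and the private key into one .pfx file, so it is worth confirming the two belong together before exporting. The script below is an added example, not part of the original post: it compares the public key in the certificate with the one derived from the private key, refuses to export on a mismatch, and re-opens the finished bundle to check it. The function names, the PFX_PASS environment variable and the throwaway sample certificate and keys are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: confirm a certificate and private key belong together
# before bundling them into a PKCS#12 (.pfx) file for import.

# Succeeds only if the public key in certificate $1 equals the public key
# derived from private key $2 (returns 2 if either file cannot be read).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Bundle cert $1 and key $2 into PFX $3. The export password is read from
# the PFX_PASS environment variable (an assumption of this example) so it
# does not appear in the process list or shell history.
build_pfx() {
    if ! cert_matches_key "$1" "$2"; then
        echo "refusing to export: $2 is not the key for $1" >&2
        return 1
    fi
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -passout env:PFX_PASS || return 1
    # Re-open the bundle to check its integrity with the same password.
    openssl pkcs12 -in "$3" -noout -passin env:PFX_PASS
}

# Constructed sample material: a throwaway self-signed certificate, its key,
# and an unrelated key, all created in directory $1.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.mydomain.org" \
        -keyout "$1/server.mydomain.key" \
        -out "$1/server.mydomain.org.crt" 2>/dev/null &&
    openssl genrsa -out "$1/unrelated.key" 2048 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    PFX_PASS="constructed-demo-password"; export PFX_PASS
    make_samples "$dir" || return 1
    build_pfx "$dir/server.mydomain.org.crt" "$dir/server.mydomain.key" \
        "$dir/mycertificate.pfx" && echo "matching key: PFX written and verified"
    build_pfx "$dir/server.mydomain.org.crt" "$dir/unrelated.key" \
        "$dir/bad.pfx" || echo "unrelated key: export refused"
    rm -rf "$dir"
}
demo
```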