Friday, April 26, 2013

Private Key not Exportable

When you try to export an Exchange certificate from the CAS, the "export private key" option is greyed out and you cannot export the private key.

This means you did not specify "-PrivateKeyExportable" in the certificate request. The correct command for the certificate request is:

With this command you specify all the alternative names of the organization, such as server names:

New-ExchangeCertificate -GenerateRequest -SubjectName "C=com, O=organization name, CN=webmail.organization.com" -DomainName *.organization.com -PrivateKeyExportable $true -Path c:\cert.req

Exchange Certificate Error

When you enable the Exchange certificate for the SMTP and IIS services, you get an error.
Dir cert:\LocalMachine\My | fl
Enable-ExchangeCertificate -thumbprint 58fA55B9F5AB52635E7CBd4895F7757ACC07C4 -services "IIS,SMTP"

Enable-ExchangeCertificate : The certificate with thumbprint was found but is not valid for use with Exchange Server (reason: SigningNotSupported).
At line:1 char:27
+ enable-exchangecertificate  <<<< -thumbprint -services "SMTP"


Solution

1. Open Microsoft Management Console by clicking Start, Run, mmc.exe, and add the Certificates snap-in.
2. Double-click the imported certificate that is in the Personal folder.
3. Click the Details tab.
4. Click Serial Number in the Field column, highlight the serial number, and then write it down.
5. Open a command prompt.
6. Type: certutil -repairstore my "SerialNumber" (SerialNumber is the serial number that you wrote down in step 4.)
7. In the Certificates snap-in, right-click Certificates, and then click Refresh. The certificate now has an associated private key.
8. To verify that the issue is resolved, run the Get-ExchangeCertificate cmdlet, which should now show the correct certificate.
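
The check behind the steps above, as an added PowerShell example that is not part of the original post: it lists every certificate in the local machine Personal store with its serial number, whether a private key is associated, and (for legacy CSP keys only) whether that key is marked exportable. The function name Get-CertKeyStatus is an assumption made for illustration.

```powershell
# Added example, not from the original post.
# Get-CertKeyStatus is a hypothetical helper name.
function Get-CertKeyStatus {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert       = $_
        $exportable = $null   # $null means "could not be determined"
        $repair     = $null

        if ($cert.HasPrivateKey) {
            try {
                # Only legacy CSP (CAPI) keys expose CspKeyContainerInfo.
                # CNG keys or keys this account cannot open leave $null.
                $key = $cert.PrivateKey
                if ($key -and $key.CspKeyContainerInfo) {
                    $exportable = $key.CspKeyContainerInfo.Exportable
                }
            } catch {
                $exportable = $null
            }
        } else {
            # Same command as step 6, with the serial number filled in.
            $repair = 'certutil -repairstore my "{0}"' -f $cert.SerialNumber
        }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            SerialNumber  = $cert.SerialNumber
            HasPrivateKey = $cert.HasPrivateKey
            Exportable    = $exportable
            RepairCommand = $repair
        }
    }
}

# Overview of the store.
Get-CertKeyStatus |
    Format-Table Subject, Thumbprint, HasPrivateKey, Exportable -AutoSize

# Certificates with no associated private key, with the repair command to run.
Get-CertKeyStatus |
    Where-Object { -not $_.HasPrivateKey } |
    Format-List Subject, SerialNumber, RepairCommand
```

Run it from an elevated Exchange Management Shell or PowerShell session so the machine store's private keys can be opened; a certificate that shows HasPrivateKey as False is a candidate for the certutil -repairstore step.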
