Sometimes when a certificate is imported the associated private key is missing, this can occur for a number of reasons - for example, the key being imported through the MMC Certificates console while the pending request is in Exchange/IIS.
Often this will result in errors when enabling the certificate within Exchange.
Enable-ExchangeCertificate : The certificate with thumbprint was found but
is not valid for use with Exchange Server (reason: PrivateKeyMissing).
The fix is simple, find the serial number of the certificate and run the following command
certutil -repairstore my "SerialNumber"
There is a bug in Windows 8.1 and Server 2012 R2 where running certutil will prompt for credentials, however, it will only allow SmartCard Authentication. Microsoft have released a hotfix which is available from here.