Crossroads305
asked on
Installing SSL certifcate on exchange 2010
I've been trying to install my UCC/SAN certificate on my exch 2010 servers for a couple days now. I got this certificate from godaddy. When I install the certificate it tells me "The certificate status could not be determined because the revocation check failed" I installed the intermediate certificates per godaddy directions. I installed the cerfificate on the exchange server several times. I've rekeyed my certifcate on godaddys web site several times, downloaded it again, installed it again, and nothing seems to work. I really need to get this certificate working any ideas on what to try would be appreciated. Thanks.
ASKER
Ok. I used the utility. It said I could use it even if I didn't buy my certificate from digicert. I ran test key and it said the private key was successfully tested and the revocation check for certifcate chain was successful. It says the certificate is correctly installed. When I look on my exchange server it still says certificate status could not be determined because revocation check failed. Any ideas on why? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
because it still says "certificate status could not be determined because revocation check failed" I cannot assign services to it. Thanks.
I haven't had issues using GoDaddy's SAN certs but am reading where others have had problems with their UCC certs ... still looking ..
https://www.experts-exchange.com/questions/24772914/Exchange-2010-and-SSL-Certificate.html
https://www.experts-exchange.com/questions/24772914/Exchange-2010-and-SSL-Certificate.html
ASKER
Thanks. yeah I saw the article eariler. Unfortunaely I'm stuck with my godaddy cert.
Do you have an ISA server in your network?
A couple of other things to try:
From a command prompt on the server
certutil -urlcache ocsp delete
certutil -urlcache crl delete
to clear the cache for CRL's...
A couple of other things to try:
From a command prompt on the server
certutil -urlcache ocsp delete
certutil -urlcache crl delete
to clear the cache for CRL's...
ASKER
No I don't have an ISA Server. I tried these commands earlier and no luck. Thanks.
ASKER
Thanks. This tool to test the cert works great. The problem I was having was due to my proxy. All is good now and the certificate is working fine.
Hi Crossroads305;
I'm having the same issue, could you please tell me how did you resolve it, I'm using an internal CA and not using a proxy server.
Cheers.
I'm having the same issue, could you please tell me how did you resolve it, I'm using an internal CA and not using a proxy server.
Cheers.
https://www.digicert.com/util/