?
Solved

Having trouble getting certificate popup to go away from server 2003

Posted on 2005-02-26
5
Medium Priority
?
290 Views
Last Modified: 2010-04-19
I have asked this question once before here but I did not make it clear how computer illiterate I am.  I don't know any computer vocabulary, I am only capable of blindly clicking and typing exactly as told...  Anyways, my boss fired the IT guy and left it to me to get the certificate popup to go away when people go to our windows server 2003 website.  We type the "IP" address into internet explorer, and then some warning pops up telling us our certificate is not verified.  My boss then bought a certificate from GoDaddy.com after seeing the commercial on the superbowl.  Now we have the certificate, and absolutely no idea what to do with it or even what it is.  Boss is mad at me and any help would be very nice.  Please tell me if I need to give you more information to answer this question (and how to go about getting the info to give to you)
0
Comment
Question by:kankerfist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 13413090
When your browser hits an SSL protected site it checks three things to decide if it needs to warn you about a potential problem:

1) It checks to make sure the date is within the certificates validity period - generally this is a year so you should be OK

2) It checks to see if it trusts the certificate's issuer - it should since you purchased the certificate from a fairly well known vendor

3) It checks to see if the host name (www.wherever.com) is the same as the common name of the certificate

Number 3 is likely where you are failing since it is not valid to use an IP address as a common name for a certificate.  If you click the View Certificate button when the warning comes up the common name ofthe certificate is what shows next to 'Issued to' - this is what you should be typing in your browser to reach the site instead of the IP address.  If you cannot reach your site using this name instead of the IP address then you either need a new certificate or you need to fix your DNS entries for the site.

Dave Dietz
0
 

Author Comment

by:kankerfist
ID: 13414700
Well we got a certificate and a new www name for the server from GoDaddy.  We aren't sure how to put the 2003 server under this new WWW address instead of just using the servers IP address.  I think boss and me are in over our heads on this one, is there a service or a company that we could hire to come do this for us maybe?
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 13414761
You can call Microsoft and open a support incident for around $250.  I can guarantee they would be able to help out....  :-)

However, it probably doesn't need to come to that.

What is the fully qualified domain name the server should respond to?
What is the IP of the server?
What do you get if you ping the fully qualified domain name?

Is this server going to be available on the Internet or is it for intranet use only?

All in all, setting up SSL is fairly easy and we'll be happy to help out....  :-)

Dave Dietz
0
 

Author Comment

by:kankerfist
ID: 13415005
Ok here is the info:

-The new domain we just bought is www.5tsi.com.  Pinging that works cause we bought it from godaddy a few weeks ago.  
-The server responds to 69.15.78.10.  It always has responded to that, but we now want to change that to www.5tsi.com.  
-The server needs to be available on the internet and the intranet.

Also, the Godaddy tech support guys got me to the certificate authority part of their site.  This is what it says:

To apply for a Medium Assurance Web Server Certificate, you must generate and submit a Certificate Signing Request (CSR) to the Certification Authority.

Common Name ("CN") field: When generating your CSR, the name in the Common Name field must be the fully-qualified domain name for the Web site you wil [sic] be using the certificate for (e.g., www.domainame-goes-here.com). Do not include "http://" or "https://".

When you have generated your CSR, cut and paste the content into the box below.

Click here for CSR-generation instructions for all supported server software.


-I am not sure what they are talking about.  Do they want me to go on my 2003 server and somehow generate a "CSR" ?  And does the CSR need to be the current IP address, or the www.5tsi.com?  Tell me any info that I have left out and I will get back with it.  Thanks a lot
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 2000 total points
ID: 13415280
You will either need to follow the next three steps or create a new dummy website that points to nowhere - then move on to Generating a CSR:
-----
Go to your website Properties... -> Directory Security -> (Secure Communications section) Server Certificate
Click Next
You should have an option to remove the certificate.
-----

Generating a CSR:
------
Go to your website Properties... -> Directory Security -> (Secure Communications section) Server Certificate
Next
Select Create a new certificate
Prepare the request now, but send it later -> Next
Name can be whatever you want - it is only for your reference, leave everything else default -> Next
Organization and Organizational unit can also be whatever is appropriate for your business -> Next
********
Common name - this is the biggie!! - put www.5tsi.com here -> Next
Country/Region, State/Province, City/Locality can again be whatever is appropriate -> Next
c:\certreq.txt is a good default location -> Next
Next
Finish
--------

Your Certificate request file is now located at c:\certreq.txt.  The body of the text file is what you will want to cut and paste into the box they are referencing.

Once they send you a *.cer file you will need to save it to your drive somewhere - the desktop is a good place for this.

Installing the certificate:
-------
Go to your website Properties... -> Directory Security -> (Secure Communications section) Server Certificate
Next
Process the pending request and install the certificate -> Next
Browse to the (whatever).cer file on your desktop -> Next
Leave as default -> Next
Next
Finish
------

Now click OK and OK to exit the console.

If you did this with the actual site you should be in business
If you did this with a dummy site you will need to replace the certificate on the real site with the new certificate from the certificate store and then delete the dummy site or it will likely conflict on port 443.

All this said and done you are still likely to have an issue.
The domain name of www.5tsi.com actually points to an Apache server at parkweb01.secureserver.net that redirects clients to https://69.15.78.10.  Since the redirect uses the IP address and not the FQDN it will still be broken.  You will need to either move to a different DNS registrar that does DNS registrations properly or you will need to talk to your current providers and work with them to get your DNS name to actually resolve to your IP address.  (I've seen this issue before with some less-expensive DNS hosters.....)

Dave Dietz
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question