Been playing around on my test network which is 1 DC (called DC), 1 Citrix Presentation Server/TS (called citrix1), 1 Citrix WI/SG box (called WI), 1 other 2003 server (called Servaland). Domain's called sydney. WI is the IIS webserver I'm trying to enable SSL on.
Installed a stand-alone CA on Servaland. Following along the doc:
The only difference is I had issues installing an enterprise CA so I've installed a stand-alone CA on Servaland.
Used servaland as the common name for the CA.
Created a new certificate in IIS on WI server. Gave the common name in the site as wi (pings OK). Saved the certreq.txt locally. As expected for a stand-alone CA I only get the prepare and send later option.
Went to http://servaland/certsrv from the WI server and did a certificate request, pasting in the text from the certreq.txt file. Checked in the CA console - yes, pending request from user: servaland\iusr_servaland
When I go to the cert page and look at pending there are some earlier attempts that I revoked and my current one still pending.
Whether I issue the certificate or not I get the same result.
Now if I go to Download a certificate it shows Current [servaland.mel.com.au]. I downloaded that as certnew.cer to the same location on WI as certreq.txt.
Go to the properties of the default website on WI and try to process my pending request. Get error "The pending certificate request for this response file was not found."
tells me that the problem is:
You are attempting to install a certificate that does not match the private key (Pending request) that is currently residing in the Certificate Wizard.
Any ideas how to fix this or at least where to start troubleshooting? Do I need a root certificate as well as a server certificate? Am I downloading the Servaland cert instead of the one I created?
Oh and just in case it has any bearing I do have an Enterprise CA running on the DC - but it didn't install correctly.
Much TIA this hurts my head.
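
An added example, not part of the original post: one way to test the two possibilities raised above (the downloaded file does not carry the request's public key, or it is the CA's own certificate) with the OpenSSL command line on copies of the two files. The function names are hypothetical and the file names follow the post; it assumes `openssl` is on the PATH.

```shell
#!/usr/bin/env bash
# Added example: does a downloaded certificate belong to a given request?
# Function names are hypothetical; file names (certreq.txt, certnew.cer)
# follow the post.

# Public key inside the PKCS#10 request. IIS writes the request with a
# "NEW CERTIFICATE REQUEST" PEM header, which openssl req accepts.
csr_pubkey() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null
}

# certsrv offers the certificate as Base64 (PEM) or DER, so try both.
# $1 = certificate file, remaining args = openssl x509 output options.
cert_field() {
    local f=$1; shift
    openssl x509 -in "$f" -noout "$@" 2>/dev/null ||
    openssl x509 -inform DER -in "$f" -noout "$@" 2>/dev/null
}

# Prints one of: match | mismatch-self-signed | mismatch | unreadable
check_cert_against_request() {
    local req=$1 cert=$2 rk ck
    rk=$(csr_pubkey "$req") || rk=""
    ck=$(cert_field "$cert" -pubkey) || ck=""
    if [ -z "$rk" ] || [ -z "$ck" ]; then
        echo "unreadable"; return 2
    fi
    # The pending request in IIS holds the private key; only a certificate
    # carrying the same public key can complete it.
    if [ "$rk" = "$ck" ]; then
        echo "match"; return 0
    fi
    # Subject equal to issuer means a self-signed certificate, which is
    # what a root CA's own certificate looks like.
    if [ "$(cert_field "$cert" -subject_hash)" = \
         "$(cert_field "$cert" -issuer_hash)" ]; then
        echo "mismatch-self-signed"; return 1
    fi
    echo "mismatch"; return 1
}

# Stand-alone use: script.sh certreq.txt certnew.cer
if [ "$#" -eq 2 ]; then
    check_cert_against_request "$1" "$2"
fi
```

`mismatch-self-signed` means the file is a self-signed certificate such as a CA's own; plain `mismatch` means a certificate issued for a different key pair.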