Solved

New certificate doesn't work

Posted on 2006-07-11
Last Modified: 2012-06-21
I recently bought an Entrust SSL certificate, and when I installed it on IIS 6 (on Win2k3), I'm unable to connect to any of my https:// pages.  I get a DNS error the first time, and if I try to refresh, the browser just sort of stalls out.

I had been using a self-signed certificate that I created for myself, but I decided to go with a reputable CA to avoid the obnoxious error prompts that will sometimes come up for certs from untrusted publishers.  I contacted Entrust user support and got the usual BS about how to install the certificate.  

I'm not trying to do anything fancy -- just secure SSL sessions -- and I can't figure out what might be the problem.  The cert I bought was intended to be used for the exact purpose I've invoked, and my website is set up properly to work fine with my old self-signed certificate.  

Am I missing something with the 'store bought' certificate?  Do I have to install it somewhere in the certificate tree that wasn't required for the original one?
0
Question by:Zeek0
9 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085601
When you view the certificate does it say you have a valid private key associated with it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17085633
Nope.  Is it possible to recover the use of the certificate without it?  
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085678
Nope.

Certificate without the private key is basically useless.

How did you generate the certificate request and what format was the certificate in when you received it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17090165
I got the cert from Entrust.  I created a certificate request in IIS, then pasted the contents to the Entrust site, then copied the resulting certificate into a file and imported it.

After I generated the certificate request, I had to go back and reinstall the self-signed cert because I needed to keep my site up.  Therefore, I didn't install the new certificate as a response to the certificate request; I just imported the .cer file when I got it from Entrust and tried to use that.  

I'm wondering now if that's why I don't have the private key?  I didn't think much of the request-fulfillment process.  I still have a file containing the request I used to get the cert if that would help me out somehow.
0
 

Author Comment

by:Zeek0
ID: 17090480
Success!!

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true

Above is a microsoft.com article that explains how to use a certificate if you screw up the installation process (as I did).  If you don't process the pending request in IIS 6, it removes the associated private key that was generated by the cert request.

0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 17090560
When you went to reinstall the old cert you had to delete the pending request or the new certificate - this is where the problem started.  When you did this you deleted the information used to bind the Certificate to the private key.

The certreq.txt file is a CSR - Certificate Signing Request - and it does *not* contain the private key or help in any way with this issue.

Do you have MS Certificate server installed (or more importantly, a copy of certutil.exe)?  If so there may still be a way to recover the private key and get the certificate working.

Dave Dietz
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17090622
Sounds like you got where I was going before I got there.... :-)

Dave Dietz
0
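The check discussed in this thread (does the installed certificate have a private key, and is its key pair still on the server?), as an added example that is not part of the original posts or the linked Microsoft article. It assumes PowerShell is available on the web server, that the certificate was imported into the local machine Personal store, and that any pending request shows up in the Certificate Enrollment Requests store; `certutil -repairstore` is a real certutil verb, but the thread does not say which certutil step was used.

```powershell
# Added example: read-only report of certificates that have lost their
# private-key binding. Run in an elevated session on the web server.
# Assumption: the issued certificate sits in LocalMachine\My (Personal).

function Get-PublicKeyHex([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Hex string of the certificate's public key, used to compare key pairs
    [System.BitConverter]::ToString($Cert.GetPublicKey())
}

# Certificates available to the web server
$installed = @(Get-ChildItem -Path Cert:\LocalMachine\My)

# Pending requests ("Certificate Enrollment Requests" in the MMC snap-in).
# Assumption: the request was created through Windows enrollment, so a
# placeholder entry holding the request's public key is kept in this store.
$pending = @(Get-ChildItem -Path Cert:\LocalMachine\REQUEST -ErrorAction SilentlyContinue)

foreach ($cert in $installed) {
    if ($cert.HasPrivateKey) {
        "{0}  OK: private key present  ({1})" -f $cert.Thumbprint, $cert.Subject
        continue
    }

    "{0}  NO private key  ({1})" -f $cert.Thumbprint, $cert.Subject

    # Does a pending request with the same public key still exist?
    $pub   = Get-PublicKeyHex $cert
    $match = @($pending | Where-Object { (Get-PublicKeyHex $_) -eq $pub })

    if ($match.Count -gt 0) {
        "    Matching pending request found: process the pending request"
        "    with the .cer file instead of importing the .cer on its own."
    } else {
        "    No matching pending request. If the key container is still on"
        "    this machine, certutil can try to re-associate it:"
        '    certutil -repairstore my "{0}"' -f $cert.SerialNumber
    }
}
```

The script only reads the stores and prints the repair command; it does not run it. If no key container for that public key remains on the machine, the repair cannot succeed and the certificate has to be requested again with a new CSR.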
