Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

New certificate doesn't work

Posted on 2006-07-11
9
Medium Priority
?
613 Views
Last Modified: 2012-06-21
I recently bought an Entrust SSL certificate, and when I installed it on IIS 6 (on Win2k3), I'm unable to connect to any of my https:// pages.  I get a DNS error the first time, and if I try to refresh, the browser just sort of stalls out.

I had been using a self-signed certificate that created for myself, but I decided to go with a reputable CA to avoid the obnoxious error prompts that will sometimes come up for certs from untrusted publishers.  I contacted Entrust user support and got the usual BS about how to install the certificate.  

I'm not trying to do anything fancy -- just secure SSL sessions -- and I can't figure out what might be the problem.  The cert I bought was intended to be used for the exact purpose I've invoked, and my website is set up properly to work fine with my old self-signed certificate.  

Am I missing something with the 'store bought' certificate?  Do I have to install it somewhere in the certificate tree that wasn't required for the original one?
0
Comment
Question by:Zeek0
  • 4
  • 3
9 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085601
When you view the certificate does it say you have a valid private key associated with it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17085633
Nope.  Is it possible to recover the use of the certificate without it?  
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085678
Nope.

Certificate without the private key is basically useless.

How did you generate the certificate request and what format was the certificate in when you received it?

Dave Dietz
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:Zeek0
ID: 17090165
I got the cert from entrust.  I created a certificate request in IIS, then pasted the contents to the Entrust site, then copied the resulting certificate into a file an imported it.

After I generated the certificate request, I had to go back and reinstall the self-signed cert because I needed to keep my site up.  Therefore, I didn't install the new certificate as a response to the certificate request; I just imported the .cer file when I got it from Entrust and tried to use that.  

I'm wondering now if that's why I don't have the private key?  I didn't think much of the request-fulfillment process.  I still have a file containing the request I used to get the cert if that would help me out somehow.
0
 

Author Comment

by:Zeek0
ID: 17090480
Success!!

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true

Above is a microsoft.com article that explains how to use a certificate if you screw up the installation process (as I did).  If you don't process the pending request in IIS 6, it removes the associated private key that was generated by the cert request.

0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 2000 total points
ID: 17090560
When you went to reinstall the old cert you had to delete the pending request or the new certificate - this is where the problem started.  When you did this you deleted the information used to bind the Certificate to he private key.

The certreq.txt file is a CSR - Certifiate Signing Request - and it does *not* contain the private key or help in any way with this issue.

Do you have MS Certificate server installe (ormore importantly, a copy of certutil.exe)?  If so there may still be a way to recover the private key and get the certificate working.

Dave Dietz
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17090622
Sounds like you got where I was going before I got there.... :-)

Dave Dietz
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question