  • Status: Solved

New certificate doesn't work

I recently bought an Entrust SSL certificate, and when I installed it on IIS 6 (on Win2k3), I'm unable to connect to any of my https:// pages.  I get a DNS error the first time, and if I try to refresh, the browser just sort of stalls out.

I had been using a self-signed certificate that I created for myself, but I decided to go with a reputable CA to avoid the obnoxious error prompts that will sometimes come up for certs from untrusted publishers.  I contacted Entrust user support and got the usual BS about how to install the certificate.  

I'm not trying to do anything fancy -- just secure SSL sessions -- and I can't figure out what might be the problem.  The cert I bought was intended to be used for the exact purpose I've invoked, and my website is set up properly to work fine with my old self-signed certificate.  

Am I missing something with the 'store bought' certificate?  Do I have to install it somewhere in the certificate tree that wasn't required for the original one?
Asked by: Zeek0

Dave_Dietz Commented:
When you view the certificate does it say you have a valid private key associated with it?

Dave Dietz
 
Zeek0 (Author) Commented:
Nope.  Is it possible to recover the use of the certificate without it?  
 
Dave_Dietz Commented:
Nope.

Certificate without the private key is basically useless.

How did you generate the certificate request and what format was the certificate in when you received it?

Dave Dietz
 
Zeek0 (Author) Commented:
I got the cert from Entrust.  I created a certificate request in IIS, then pasted the contents to the Entrust site, then copied the resulting certificate into a file and imported it.

After I generated the certificate request, I had to go back and reinstall the self-signed cert because I needed to keep my site up.  Therefore, I didn't install the new certificate as a response to the certificate request; I just imported the .cer file when I got it from Entrust and tried to use that.  

I'm wondering now if that's why I don't have the private key?  I didn't think much of the request-fulfillment process.  I still have a file containing the request I used to get the cert if that would help me out somehow.
 
Zeek0 (Author) Commented:
Success!!

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true

Above is a microsoft.com article that explains how to use a certificate if you screw up the installation process (as I did).  If you don't process the pending request in IIS 6, it removes the associated private key that was generated by the cert request.
 
Dave_Dietz Commented:
When you went to reinstall the old cert you had to delete the pending request or the new certificate - this is where the problem started.  When you did this you deleted the information used to bind the Certificate to the private key.

The certreq.txt file is a CSR - Certificate Signing Request - and it does *not* contain the private key or help in any way with this issue.

Do you have MS Certificate server installed (or more importantly, a copy of certutil.exe)?  If so there may still be a way to recover the private key and get the certificate working.

Dave Dietz
 
Dave_Dietz Commented:
Sounds like you got where I was going before I got there.... :-)

Dave Dietz
Question has a verified solution.
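
The first check raised in this thread (does the certificate have a private key associated with it?) can be scripted across the whole machine store. The PowerShell below is an added example, not part of the original thread or the linked Microsoft article; the function name `Get-ServerCertKeyStatus` is hypothetical, and it assumes PowerShell 2.0 or later and a `certutil.exe` on the server.

```powershell
# Added example (not from the thread). Lists certificates in the machine
# "Personal" (My) store, where IIS looks for server certificates, and flags
# any that cannot be used for SSL because no private key is associated.
function Get-ServerCertKeyStatus {
    param([string]$StoreName = 'My')

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # A certificate with no EKU extension is valid for all purposes,
            # so only skip certificates whose EKU list lacks Server Authentication.
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            } | Select-Object -First 1
            $forServer = $true
            if ($eku) {
                $forServer = (@($eku.EnhancedKeyUsages |
                    Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0)
            }
            if (-not $forServer) { continue }

            $hint = ''
            if (-not $cert.HasPrivateKey) {
                # Re-links the certificate to its key container. This can only
                # succeed if the key generated with the original request is
                # still present on this machine.
                $hint = 'certutil -repairstore {0} "{1}"' -f $StoreName, $cert.SerialNumber
            }

            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                SerialNumber  = $cert.SerialNumber
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                RepairHint    = $hint
            }
        }
    }
    finally { $store.Close() }
}

Get-ServerCertKeyStatus | Format-List Subject, SerialNumber, NotAfter, HasPrivateKey, RepairHint
```

Run it from an administrative prompt on the IIS server; a row with `HasPrivateKey : False` is a certificate that was imported as a bare `.cer` rather than installed against its pending request.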