Solved

New certificate doesn't work

Posted on 2006-07-11
9
607 Views
Last Modified: 2012-06-21
I recently bought an Entrust SSL certificate, and when I installed it on IIS 6 (on Win2k3), I'm unable to connect to any of my https:// pages.  I get a DNS error the first time, and if I try to refresh, the browser just sort of stalls out.

I had been using a self-signed certificate that I created for myself, but I decided to go with a reputable CA to avoid the obnoxious error prompts that will sometimes come up for certs from untrusted publishers.  I contacted Entrust user support and got the usual BS about how to install the certificate.

I'm not trying to do anything fancy -- just secure SSL sessions -- and I can't figure out what might be the problem.  The cert I bought was intended to be used for the exact purpose I've invoked, and my website is set up properly to work fine with my old self-signed certificate.  

Am I missing something with the 'store bought' certificate?  Do I have to install it somewhere in the certificate tree that wasn't required for the original one?
0
Comment
Question by:Zeek0
9 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085601
When you view the certificate does it say you have a valid private key associated with it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17085633
Nope.  Is it possible to recover the use of the certificate without it?  
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085678
Nope.

Certificate without the private key is basically useless.

How did you generate the certificate request and what format was the certificate in when you received it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17090165
I got the cert from Entrust.  I created a certificate request in IIS, then pasted the contents to the Entrust site, then copied the resulting certificate into a file and imported it.

After I generated the certificate request, I had to go back and reinstall the self-signed cert because I needed to keep my site up.  Therefore, I didn't install the new certificate as a response to the certificate request; I just imported the .cer file when I got it from Entrust and tried to use that.  

I'm wondering now if that's why I don't have the private key?  I didn't think much of the request-fulfillment process.  I still have a file containing the request I used to get the cert if that would help me out somehow.
0
 

Author Comment

by:Zeek0
ID: 17090480
Success!!

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true

Above is a microsoft.com article that explains how to use a certificate if you screw up the installation process (as I did).  If you don't process the pending request in IIS 6, it removes the associated private key that was generated by the cert request.

0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 17090560
When you went to reinstall the old cert you had to delete the pending request or the new certificate - this is where the problem started.  When you did this you deleted the information used to bind the Certificate to the private key.

The certreq.txt file is a CSR - Certificate Signing Request - and it does *not* contain the private key or help in any way with this issue.

Do you have MS Certificate server installed (or more importantly, a copy of certutil.exe)?  If so there may still be a way to recover the private key and get the certificate working.

Dave Dietz
0
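
Added example (not part of the thread or of the linked Microsoft article): a PowerShell check for the condition asked about above, listing the certificates in the computer's Personal store and flagging any that have no private key bound. The store path and the `certutil -repairstore` suggestion are assumptions; the thread names only certutil.exe, and PowerShell must be available on the server.

```powershell
# Added example: audit the machine certificate store for certificates
# whose private key is missing. Run from an elevated session on the web server.

function Get-CertKeyStatus {
    param(
        # Assumption: LocalMachine\My is the computer account's "Personal"
        # store, which is where IIS server certificates are installed.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    Get-ChildItem -Path $StorePath | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            SerialNumber  = $_.SerialNumber
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            # True only when the store entry points at a key pair on this machine.
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

$status = Get-CertKeyStatus
$status | Sort-Object HasPrivateKey |
    Format-Table Subject, NotAfter, HasPrivateKey -AutoSize | Out-Host

# A certificate imported from a bare .cer file shows up here: the file holds
# only the public key and the CA's signature, never the private key.
$orphans = @($status | Where-Object { -not $_.HasPrivateKey })
foreach ($cert in $orphans) {
    Write-Warning "No private key bound: $($cert.Subject)"
    # certutil -repairstore re-links a certificate to a key pair that still
    # exists in a key container on this machine. It cannot recreate a key
    # that was deleted or that was generated on a different server.
    Write-Output ("  candidate fix: certutil -repairstore my `"{0}`"" -f $cert.SerialNumber)
}

if ($orphans.Count -eq 0) {
    Write-Output 'Every certificate in the store has a private key bound.'
}
```

The script only prints the repair command; run it by hand after confirming the serial number belongs to the certificate you intend to fix.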
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17090622
Sounds like you got where I was going before I got there.... :-)

Dave Dietz
0
