Solved

New certificate doesn't work

Posted on 2006-07-11
9
603 Views
Last Modified: 2012-06-21
I recently bought an Entrust SSL certificate, and when I installed it on IIS 6 (on Win2k3), I'm unable to connect to any of my https:// pages.  I get a DNS error the first time, and if I try to refresh, the browser just sort of stalls out.

I had been using a self-signed certificate that created for myself, but I decided to go with a reputable CA to avoid the obnoxious error prompts that will sometimes come up for certs from untrusted publishers.  I contacted Entrust user support and got the usual BS about how to install the certificate.  

I'm not trying to do anything fancy -- just secure SSL sessions -- and I can't figure out what might be the problem.  The cert I bought was intended to be used for the exact purpose I've invoked, and my website is set up properly to work fine with my old self-signed certificate.  

Am I missing something with the 'store bought' certificate?  Do I have to install it somewhere in the certificate tree that wasn't required for the original one?
0
Comment
Question by:Zeek0
  • 4
  • 3
9 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085601
When you view the certificate does it say you have a valid private key associated with it?

Dave Dietz
0
 

Author Comment

by:Zeek0
ID: 17085633
Nope.  Is it possible to recover the use of the certificate without it?  
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17085678
Nope.

Certificate without the private key is basically useless.

How did you generate the certificate request and what format was the certificate in when you received it?

Dave Dietz
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Zeek0
ID: 17090165
I got the cert from entrust.  I created a certificate request in IIS, then pasted the contents to the Entrust site, then copied the resulting certificate into a file an imported it.

After I generated the certificate request, I had to go back and reinstall the self-signed cert because I needed to keep my site up.  Therefore, I didn't install the new certificate as a response to the certificate request; I just imported the .cer file when I got it from Entrust and tried to use that.  

I'm wondering now if that's why I don't have the private key?  I didn't think much of the request-fulfillment process.  I still have a file containing the request I used to get the cert if that would help me out somehow.
0
 

Author Comment

by:Zeek0
ID: 17090480
Success!!

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true

Above is a microsoft.com article that explains how to use a certificate if you screw up the installation process (as I did).  If you don't process the pending request in IIS 6, it removes the associated private key that was generated by the cert request.

0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 17090560
When you went to reinstall the old cert you had to delete the pending request or the new certificate - this is where the problem started.  When you did this you deleted the information used to bind the Certificate to he private key.

The certreq.txt file is a CSR - Certifiate Signing Request - and it does *not* contain the private key or help in any way with this issue.

Do you have MS Certificate server installe (ormore importantly, a copy of certutil.exe)?  If so there may still be a way to recover the private key and get the certificate working.

Dave Dietz
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17090622
Sounds like you got where I was going before I got there.... :-)

Dave Dietz
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now