Solved

Certification renewal for OWA

Posted on 2006-11-06
Last Modified: 2012-08-14
Hello - We run Outlook Web Access on Exchange 2003 - SP2, Windows 2003 SP1. We have a front-end - Back-end mail configuration. We have a CA on our back-end exchange server. Our certificate for OWA just expired and I'm trying to renew it, but running into some trouble. Here's what I'm doing:

I go to our Front-end and go into IIS to Default Web site. I go into the properties of the default site and go to Directory Security, down to Server Certificate. I create the request to renew the current cert and send it to a text file. When I go into CA to Submit a new request and select this text file, I get an error:

The Request contains no certificate template information. 0x80094801 (-2146875391). Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

Also, if I go into mmc and pull in the Certificates plug-in (for computers) I can see the certificate used by the mail server. If I right click and go to renew it tells me:

You do not have permission to request a certificate based on the selected certificate template.

I've checked in certificate templates and verified my user account (administrator) and Domain computers have read/write/enroll permissions, so I'm a bit confused how I don't have access to it.

Any thoughts?

Question by:WPI Help
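
The 0x80094801 error quoted in the question says the request carries neither a template extension nor the CertificateTemplate request attribute. As an added example (not part of the original thread), the PowerShell below checks the request file for a template extension and, if none is present, supplies the attribute when submitting with certreq. The file paths, the CA name and the use of the built-in WebServer template are assumptions.

```powershell
# Added example, not from the thread. All values below are placeholders.
$RequestFile = 'C:\certreq.txt'             # request written by the IIS wizard (hypothetical path)
$CertFile    = 'C:\owa.cer'                 # where the issued certificate is saved (hypothetical path)
$CaConfig    = 'BACKEND-SERVER\Example-CA'  # placeholder, format is "CA host\CA name"
$Template    = 'WebServer'                  # assumption: built-in Web Server template

# OIDs of the two template extensions a request can carry:
# 1.3.6.1.4.1.311.20.2 (template name) and 1.3.6.1.4.1.311.21.7 (template information).
$TemplateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'

if (-not (Test-Path $RequestFile)) { throw "Request file not found: $RequestFile" }

# Decode the request. Assumption: certutil lists each extension by its OID.
$dump = & certutil.exe -dump $RequestFile 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) { throw "certutil could not parse the request:`n$dump" }

$hasTemplate = $false
foreach ($oid in $TemplateOids) {
    if ($dump.Contains($oid)) { $hasTemplate = $true }
}

# Build the certreq command line; add the attribute only when it is needed.
$submitArgs = @('-submit', '-config', $CaConfig)
if (-not $hasTemplate) {
    Write-Host "No template in request; adding CertificateTemplate:$Template"
    $submitArgs += @('-attrib', "CertificateTemplate:$Template")
}
$submitArgs += @($RequestFile, $CertFile)

& certreq.exe $submitArgs
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed with exit code $LASTEXITCODE" }

# A request held for CA manager approval produces no certificate file yet.
if (Test-Path $CertFile) {
    # Show the validity period of the issued certificate.
    & certutil.exe -dump $CertFile | Select-String 'NotBefore', 'NotAfter'
} else {
    Write-Host 'No certificate returned; the request may be pending on the CA.'
}
# The issued file is then installed through the IIS Server Certificate wizard
# ("process the pending request") on the server that generated the request.
```

The account running the submission still needs Enroll permission on the chosen template; the attribute only tells the CA which template to apply.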

Expert Comment

by:Sembee
Why are you using a home grown certificate?
You realise that you are going to have to visit all the machines with that certificate on them and replace the existing certificate?
Save yourself a lot of bother and purchase a certificate - they are $20 from GoDaddy or $60 from RapidSSL.
No certificate prompts, no certificates to install on the clients, a much easier life.
How long have you been playing around with this? How much do you spend telling the users how to install the certificate?

Simon.

Author Comment

by:WPI Help
Simon - I've been leaning that way actually. I 'inherited' this when I started here about 1.5 years ago. It was already set up this way. I'm not sure the initial intent behind having our own CA server, since we only use a cert for OWA right now anyway.

So let me ask you this - If we did go with a 3rd party cert - would I just wipe out the expired homegrown cert and it'll give me the ability to import / insert this 3rd party cert into the site?

Accepted Solution

by:
Sembee earned 500 total points
You have to remove the old SSL certificate before you can create a new request. In most cases you can get a certificate in about 30 minutes, so that isn't a problem. When I have had timing issues in the past I have created a second dummy site somewhere, requested the certificate on that site, put the response into that site, then immediately exported the certificate to a file and moved it.

Simon.