Solved

Certification renewal for OWA

Posted on 2006-11-06
Last Modified: 2012-08-14
Hello - We run Outlook Web Access on Exchange 2003 - SP2, Windows 2003 SP1. We have a front-end - Back-end mail configuration. We have a CA on our back-end exchange server. Our certificate for OWA just expired and I'm trying to renew it, but running into some trouble. Here's what I'm doing:

I go to our Front-end and go into IIS to Default Web site. I go into the properties of the default site and go to Directory Security, down to Server Certificate. I create the request to renew the current cert and send it to a text file. When I go into CA to Submit a new request and select this text file, I get an error:

The Request contains no certificate template information. 0x80094801 (-2146875391). Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

Also, if I go into mmc and pull in the Certificates plug-in (for computers) I can see the certificate used by the mail server. If I right click and go to renew, it tells me:

You do not have permission to request a certificate based on the selected certificate template.

I've checked in certificate templates and verified my user account (administrator) and Domain computers have read/write/enroll permissions, so I'm a bit confused how I don't have access to it.

Any thoughts?

Question by:WPI Help
LVL 104

Expert Comment

by:Sembee
ID: 17884357
Why are you using a home grown certificate?
You realise that you are going to have to visit all the machines with that certificate on them and replace the existing certificate?
Save yourself a lot of bother and purchase a certificate - they are $20 from GoDaddy or $60 from RapidSSL.
No certificate prompts, no certificates to install on the clients, a much easier life.
How long have you been playing around with this? How much do you spend telling the users how to install the certificate?

Simon.
0
 

Author Comment

by:WPI Help
ID: 17884386
Simon - I've been leaning that way actually. I 'inherited' this when I started here about 1.5 years ago. It was already setup this way. I'm not sure the initial intent behind having our own CA server, since we only use a cert for OWA right now anyway.

So let me ask you this - If we did go with a 3rd party cert - would I just wipe out the expired homegrown cert and it'll give me the ability to import / insert this 3rd party cert into the site?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 17884597
You have to remove the old SSL certificate before you can create a new request. In most cases you can get a certificate in about 30 minutes, so that isn't a problem. When I have had timing issues in the past I have created a second dummy site somewhere, requested the certificate on that site, put the response into that site, then immediately exported the certificate to a file and moved it.

Simon.
0
