Solved

Certification renewal for OWA

Posted on 2006-11-06
3
3,852 Views
Last Modified: 2012-08-14
Hello - We run Outlook Web Access on Exchange 2003 - SP2, Windows 2003 SP1. We have a front-end - Back-end mail configuration. We have a CA on our back-end exchange server. Our certificate for OWA just expired and I'm trying to renew it, but running into some trouble. Here's what I'm doing:

I go to our Front-end and go into IIS to Default Web site. I go into the properties of the default site and go to Directory Security, down to Server Certificate. I create the request to renew the current cert and sending it to a text file. When I go into CA to Submit a new request and select this text file, I get an error:

The Request contains no certificate template information. 0x80094801 (-2146875391). Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

Also, if I go into mmc and pull in the Certificates plug-in (for computers) I can see the certifcate used by the mail server. If I right click and go to renew it tells me:

You do not have permission to request a certificate based on the selected certificate template.

I've checked in certificate templates and verified my user account (administrator) and Domain computers have read/write/enroll permissions, so I'm a bit confused how I don't have access to it.

Any thoughts?

0
Comment
Question by:WPI Help
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17884357
Why are you using a home grown certificate?
You realise that you are going to have to visit all the machines with that certificate on them and replace the existing certificate?
Save yourself a lot of bother and purchase a certificate - they are $20 from GoDaddy or $60 from RapidSSL.
No certificate prompts, no certificates to install on the clients, a much easier life.
How long have you been playing around with this? How much do you spend telling the users how to install the certificate?

Simon.
0
 

Author Comment

by:WPI Help
ID: 17884386
Simon - I've been leaning that way actually. I 'inherited' this when I started here about 1.5 years ago. It was already setup this way. I'm not sure the initial intent behind having our own CA server, since we only use a cert for OWA right now anyway.

So let me ask you this - If we did go with a 3rd party cert - would i just wipe out the expired homegrown cert and it'll give me the ability to import / insert this 3rd party cert into the site?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17884597
You have to remove the old SSL certificate before you can create a new request. In most cases you can get a certificate in about 30 minutes, so that isn't a problem. When I have had timing issues in the past I have created a second dummy site somewhere, requested the certificate on that site, put the response in to that site, then immediately exported the certificate to a file and moved it.

Simon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question