Solved

Certification renewal for OWA

Posted on 2006-11-06
Last Modified: 2012-08-14
Hello - We run Outlook Web Access on Exchange 2003 - SP2, Windows 2003 SP1. We have a front-end - Back-end mail configuration. We have a CA on our back-end exchange server. Our certificate for OWA just expired and I'm trying to renew it, but running into some trouble. Here's what I'm doing:

I go to our Front-end and go into IIS to Default Web site. I go into the properties of the default site and go to Directory Security, down to Server Certificate. I create the request to renew the current cert and send it to a text file. When I go into CA to Submit a new request and select this text file, I get an error:

The Request contains no certificate template information. 0x80094801 (-2146875391). Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.

Also, if I go into mmc and pull in the Certificates plug-in (for computers) I can see the certificate used by the mail server. If I right click and go to renew, it tells me:

You do not have permission to request a certificate based on the selected certificate template.

I've checked in certificate templates and verified my user account (administrator) and Domain computers have read/write/enroll permissions, so I'm a bit confused how I don't have access to it.

Any thoughts?

Question by:WPI Help
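The 0x80094801 denial quoted in the question means the enterprise CA found neither a template extension nor a `CertificateTemplate` attribute in the request. The following is an added example, not part of the original thread: it dumps the request with `certutil`, looks for the two Microsoft template extension OIDs, and passes the attribute through `certreq -attrib` only when they are absent. The file paths, the CA config string and the `WebServer` template name are assumptions to replace with your own values.

```powershell
# Added example: check a PKCS#10 request for template information before
# submitting it to an enterprise CA. All default values below are placeholders
# (assumptions), not values taken from the thread.
param(
    [string]$RequestFile = 'C:\certreq.txt',
    [string]$CaConfig    = 'CA-HOST\CA-Name',
    [string]$Template    = 'WebServer',
    [string]$CertFileOut = 'C:\owa-issued.cer'
)

function Test-RequestHasTemplate {
    param([string[]]$DumpLines)
    # Extension OIDs an enterprise CA policy module accepts as template info
    $templateOids = @(
        '1.3.6.1.4.1.311.20.2',   # Certificate Template Name (v1 templates)
        '1.3.6.1.4.1.311.21.7'    # Certificate Template Information (v2 templates)
    )
    foreach ($oid in $templateOids) {
        if ($DumpLines | Select-String -SimpleMatch $oid) { return $true }
    }
    return $false
}

# certutil -dump decodes the request, including its extensions, as text
$dump = & certutil.exe -dump $RequestFile
if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $RequestFile" }

if (Test-RequestHasTemplate $dump) {
    Write-Host 'Request already carries template information; submitting as-is.'
    & certreq.exe -submit -config $CaConfig $RequestFile $CertFileOut
} else {
    Write-Host "No template extension found; adding CertificateTemplate:$Template."
    & certreq.exe -submit -config $CaConfig `
        -attrib "CertificateTemplate:$Template" $RequestFile $CertFileOut
}

if ($LASTEXITCODE -ne 0) {
    # A denial here after the attribute was supplied points at template
    # permissions (Enroll) for the submitting account rather than the request.
    throw "CA did not issue the certificate (certreq exit code $LASTEXITCODE)"
}
Write-Host "Issued certificate written to $CertFileOut"
```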

Expert Comment

by:Sembee
ID: 17884357
Why are you using a home grown certificate?
You realise that you are going to have to visit all the machines with that certificate on them and replace the existing certificate?
Save yourself a lot of bother and purchase a certificate - they are $20 from GoDaddy or $60 from RapidSSL.
No certificate prompts, no certificates to install on the clients, a much easier life.
How long have you been playing around with this? How much do you spend telling the users how to install the certificate?

Simon.

Author Comment

by:WPI Help
ID: 17884386
Simon - I've been leaning that way actually. I 'inherited' this when I started here about 1.5 years ago. It was already set up this way. I'm not sure the initial intent behind having our own CA server, since we only use a cert for OWA right now anyway.

So let me ask you this - If we did go with a 3rd party cert - would I just wipe out the expired homegrown cert and it'll give me the ability to import / insert this 3rd party cert into the site?

Accepted Solution

by:Sembee
ID: 17884597
You have to remove the old SSL certificate before you can create a new request. In most cases you can get a certificate in about 30 minutes, so that isn't a problem. When I have had timing issues in the past I have created a second dummy site somewhere, requested the certificate on that site, put the response into that site, then immediately exported the certificate to a file and moved it.

Simon.