Solved

SSL Cert location

Posted on 2006-11-15
Last Modified: 2008-02-01
I have removed an old cert using IIS Directory Security and created a new one. When I log in remotely I can see that the new cert is correct and can use OWA over SSL, but where can I locate this cert on the server? Normally it saves it directly to the C drive, but only the old cert is there. My OS is 2003 SBS.
0
Question by:Sid_F
9 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 17947443
To view all installed certs, you need to use the certificate management console. Start > Run > mmc, then File > Add snap-ins > Add, select Certificates and hit Add, then Close, OK, and you should now see the installed certificates on your system. Save the certificate console for easier access.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17947471
Just search your hard drive for *.crt and/or *.pfx files and it will find all of them.

0
 
LVL 6

Author Comment

by:Sid_F
ID: 17947772
Already searched for *.pfx and for *.crt but it didn't find the new certs.

There seem to be a lot more settings than just clicking add snap-in and selecting certificates. It then gives options for my user / service / account, so I'm not sure how to add it so I can download the cert to a PC.
0

 
LVL 6

Author Comment

by:Sid_F
ID: 17948052
OK, seems to be a strange one. I configured certificate services with a self-signed cert for server.localdomain.local, as I had not registered an "A" record for their domain to point to their server's static IP, so all users used https://servers ip address/exchange for OWA. (Obviously I got the error the certificate does not match .... but this was OK as you clicked continue and are then prompted to log in.)

At this point I could see the cert on the root drive and could import it to any handheld. When I looked at the certificate in IIS and checked the certificate path it had server.localdomain.local

I then had an "A" record for their domain registered to webmail.internetdomain.com so I went to iis directory security and removed the current cert and then created a new one.

All worked well and when I login to owa over ssl I can see cert issued to webmail.internetdomain.com
When I go to IIS and directory security and view certificate and then certificate path, it has server.localdomain.com with the new certificate underneath it. I also can't seem to find the new cert anywhere apart from above.

I am thinking that maybe I need to reinstall certificate services and set it to use webmail.internetdomain.com, as it would appear you firstly create the parent cert (which is what you import to handhelds) and all other certs are a kind of virtual cert ??

I am very open to correction !!
0
 
LVL 6

Author Comment

by:Sid_F
ID: 17948434
Any certificate experts out there ?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17948599
Yes, it would be cleaner to just reinstall Cert services and start over from scratch if you aren't sure what is going on. Yes, you will need to use the public domain if you don't want external users to get the error. This is just another problem that is created when you use different internal and external domain names.

0
 
LVL 77

Expert Comment

by:arnold
ID: 17948815
As long as the systems that access the OWA with the self-signed certificate are members of the domain, they will not see the error.

The certificate is usually in the personal category. After you add the certificate snap-in, expand the items therein. There you will see the certificate, which should be under the system. Are you looking for the certificate on the user's system?

Did you sign the new certificate? I think you can only create a certificate signing request (CSR) which then needs to be processed by your certificate authority if you installed it. If not, you have to buy a certificate, which involves submitting your CSR to a signing authority.

At times, when the signing authority is unknown to the application/device, the user is often prompted on whether they wish to accept the certificate/signing authority as authoritative to avoid similar notices in the future.
0
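The Local Computer "Personal" store mentioned in the comment above can also be read from a script. The following is an added example, not part of the original thread: it finds certificates in that store by subject, walks each one's certificate path, and writes the public part of every chain member to a .cer file. It assumes PowerShell is installed on the server; `$OutDir` and the function names are illustrative, and the host name is the one quoted in the question.

```powershell
# Added example (not from the thread). Assumptions: PowerShell is available on the
# server; $OutDir and the function names are illustrative placeholders.
$HostName = 'webmail.internetdomain.com'   # subject name quoted in the question
$OutDir   = 'C:\CertExport'                # hypothetical output folder

function Get-MachineCert {
    param([string]$SubjectContains)
    # 'My' is the store the MMC snap-in labels "Personal"; 'LocalMachine' is the
    # "Computer account" choice in the snap-in dialog (not "My user account").
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        @($store.Certificates | Where-Object { $_.Subject -like "*$SubjectContains*" })
    } finally {
        $store.Close()
    }
}

function Export-ChainPublicCerts {
    param($Cert, [string]$Directory)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # an internal CA may publish no CRL
    [void]$chain.Build($Cert)                        # elements are filled even if untrusted
    $i = 0
    foreach ($element in $chain.ChainElements) {
        $c    = $element.Certificate
        $path = Join-Path $Directory ("chain{0}_{1}.cer" -f $i, $c.Thumbprint)
        # Content type 'Cert' is the DER-encoded public certificate only; the
        # private key never leaves the store.
        [System.IO.File]::WriteAllBytes($path, $c.Export('Cert'))
        $c | Select-Object Subject, Issuer, NotAfter, HasPrivateKey,
                           @{ Name = 'File'; Expression = { $path } }
        $i++
    }
}

if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }
foreach ($cert in Get-MachineCert $HostName) {
    Export-ChainPublicCerts $cert $OutDir | Format-List
}
```

Element 0 in the output is the site certificate itself; the last element, where Subject equals Issuer, is the self-signed certificate the path ends in.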
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 18009210
On SBS you do NOT use Certificate Services.  Please uninstall that.  You can remove ALL certificates created by opening up an MMC and adding the Certificates Snap-In.

Then, you must recreate the SSL certificate the proper way for SBS, which is running the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select. Be sure to check those out as well.

Please take a moment to review the SBS Overview for IT Pros, which describes why you need to treat SBS differently:  http://sbsurl.com/itpro

Basically, SBS is a preconfigured environment with a combination of components that requires very specific synchronized settings in order for them all to work correctly in a single machine.  You must configure an SBS using all available wizards if you want to have it operate trouble-free.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18009216
Just to clarify, when you run the CEICW you will be asked for the INTERNET FQDN which will be properly placed on the certificate WITH the internal domain, the companyweb alias and server's host name.

Jeff
TechSoEasy
0


Question has a verified solution.
