  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1076

SSL Cert location

I have removed an old cert using IIS Directory Security and created a new one. When I log in remotely I can see that the new cert is correct and can use OWA over SSL, but where can I locate this cert on the server? Normally it saves it directly to the C drive, but only the old cert is there. My OS is 2003 SBS.
0
Sid_F
Asked:
1 Solution
 
arnold Commented:
To view all installed certs, you need to use the certificate management console. Start > Run > mmc. File > Add snap-ins > Add, select Certificates and hit Add, then Close, OK, and you should now see the installed certificates on your system. Save the certificate console for easier access.
0
 
mikeleebrla Commented:
Just search your hard drive for *.crt and/or *.pfx files and it will find all of them.

0
 
Sid_F (Author) Commented:
Already searched for *.pfx and for *.crt but it didn't find the new certs.

There seem to be a lot more settings than just clicking add snap-in and selecting certificates. It then gives options for my user / service / account, so I'm not sure how to add it so I can download the cert to a PC.
0

 
Sid_F (Author) Commented:
OK, seems to be a strange one. I configured certificate services with a self-signed cert for server.localdomain.local as I had not registered an "A" record for their domain to point to their server's static IP, so all users used https://servers ip address/exchange for OWA. (Obviously I got the error the certificate does not match .... but this was OK as you clicked continue and are then prompted to login.)

At this point I could see the cert on the root drive and could import it to any handheld. When I looked at the certificate in IIS and checked the certificate path it had server.localdomain.local

I then had an "A" record for their domain registered to webmail.internetdomain.com so I went to iis directory security and removed the current cert and then created a new one.

All worked well and when I log in to OWA over SSL I can see the cert issued to webmail.internetdomain.com.
When I go to IIS and Directory Security and view certificate and then certificate path, it has server.localdomain.com with the new certificate underneath it. I also can't seem to find the new cert anywhere apart from above.

I am thinking that maybe I need to reinstall certificate services and set it to use webmail.internetdomain.com, as it would appear you firstly create the parent cert (which is what you import to handhelds) and all other certs are a kind of virtual cert??

I am very open to correction !!
0
 
Sid_F (Author) Commented:
Any certificate experts out there?
0
 
mikeleebrla Commented:
Yes, it would be cleaner to just reinstall Cert Services and start over from scratch if you aren't sure what is going on. Yes, you will need to use the public domain if you don't want external users to get the error. This is just another problem that is created when you use different internal and external domain names.

0
 
arnold Commented:
As long as the systems that access the OWA with the self-signed certificate are members of the domain, they will not see the error.

The certificate is usually in the Personal category. After you add the certificate snap-in, expand the items therein. There you will see the certificate, which should be under the system. Are you looking for the certificate on the user's system?

Did you sign the new certificate? I think you can only create a certificate signing request (CSR), which then needs to be processed by your certificate authority if you installed it. If not, you have to buy a certificate, which involves submitting your CSR to a signing authority.

At times, when the signing authority is unknown to the application/device, the user is often prompted on whether they wish to accept the certificate/signing authority as authoritative to avoid similar notices in the future.
0
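An added example, not part of any poster's reply: the certificate IIS uses lives in the Local Computer "Personal" store rather than as a file, so this script lists that store, shows each certificate's certification path, and exports only the public certificate at the top of the path as a .cer file. It assumes Windows PowerShell is installed on the server and run as an administrator; `C:\CertExport` is a hypothetical folder name.

```powershell
# Added example. Assumptions: Windows PowerShell is available on the server,
# the session is elevated, and $exportDir is a hypothetical output folder.
$exportDir = 'C:\CertExport'
if (-not (Test-Path $exportDir)) {
    New-Item -ItemType Directory -Path $exportDir | Out-Null
}

$x509 = 'System.Security.Cryptography.X509Certificates'

# Local Computer > Personal: where server (IIS/OWA) certificates are stored.
foreach ($cert in (Get-ChildItem Cert:\LocalMachine\My)) {
    Write-Host ('Subject:     ' + $cert.Subject)
    Write-Host ('Issuer:      ' + $cert.Issuer)
    Write-Host ('Thumbprint:  ' + $cert.Thumbprint)
    Write-Host ('Expires:     ' + $cert.NotAfter)
    Write-Host ('Private key: ' + $cert.HasPrivateKey)

    # Subject Alternative Name extension (OID 2.5.29.17), if the cert has one.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { Write-Host ('SAN:         ' + $san.Format($false)) }

    # Build the certification path, the same view IIS shows on the
    # "Certification Path" tab. Revocation checking is skipped so the
    # script also works on a server with no outbound access.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)
    Write-Host ('Chain valid: ' + $trusted)

    # Element 0 is the server cert; the last element is the top of the path.
    $last = $chain.ChainElements.Count - 1
    $top  = $chain.ChainElements[$last].Certificate
    Write-Host ('Top of path: ' + $top.Subject)

    # Export the public certificate only (DER-encoded .cer, no private key).
    # This is the file a client or handheld needs in order to trust the issuer.
    $type  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    $bytes = $top.Export($type)
    $file  = Join-Path $exportDir ($top.Thumbprint + '.cer')
    [System.IO.File]::WriteAllBytes($file, $bytes)
    Write-Host ('Exported:    ' + $file)
    Write-Host ''
}
```

When the issuer and the subject differ, the server certificate was signed by a CA, and it is the CA certificate at the top of the path that clients must trust, not the server certificate itself.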
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
On SBS you do NOT use Certificate Services.  Please uninstall that.  You can remove ALL certificates created by opening up an MMC and adding the Certificates Snap-In.

Then, you must recreate the SSL certificate the proper way for SBS which is running the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select.  
Be sure to check those out as well.

Please take a moment to review the SBS Overview for IT Pros, which describes why you need to treat SBS differently:  http://sbsurl.com/itpro

Basically, SBS is a preconfigured environment with a combination of components that requires very specific synchronized settings in order for them all to work correctly in a single machine.  You must configure an SBS using all available wizards if you want to have it operate trouble-free.

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Just to clarify, when you run the CEICW you will be asked for the INTERNET FQDN which will be properly placed on the certificate WITH the internal domain, the companyweb alias and server's host name.

Jeff
TechSoEasy
0
