Solved

SSL Cert location

Posted on 2006-11-15
Last Modified: 2008-02-01
I have removed an old cert using IIS directory security and created a new one. When I log in remotely I can see that the new cert is correct and can use OWA over SSL, but where can I locate this cert on the server? Normally it saves it directly to the C drive, but only the old cert is there. My OS is 2003 SBS.
0
Question by:Sid_F
9 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 17947443
To view all installed certs, you need to use the certificate management console. Start - Run - mmc. File - Add snap-ins - Add, select Certificates and hit Add, then Close, OK, and you should now see the installed certificates on your system. Save the certificate console for easier access.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17947471
Just search your hard drive for *.crt and/or *.pfx files and it will find all of them.

0
 
LVL 5

Author Comment

by:Sid_F
ID: 17947772
Already searched for *.pfx and for *.crt but it didn't find the new certs.

There seem to be a lot more settings than just clicking add snap-in and selecting certificates. It then gives options for my user / service / account, so I'm not sure how to add it so I can download the cert to a PC.
0
 
LVL 5

Author Comment

by:Sid_F
ID: 17948052
OK, seems to be a strange one. I configured certificate services with a self-signed cert for server.localdomain.local, as I had not registered an "A" record for their domain to point to their server's static IP, so all users used https://servers ip address/exchange for OWA. (Obviously I got the error that the certificate does not match .... but this was OK, as you clicked continue and were then prompted to log in.)

At this point I could see the cert on the root drive and could import it to any handheld. When I looked at the certificate in IIS and checked the certificate path it had server.localdomain.local

I then had an "A" record for their domain registered to webmail.internetdomain.com, so I went to IIS directory security and removed the current cert and then created a new one.

All worked well, and when I log in to OWA over SSL I can see the cert issued to webmail.internetdomain.com
When I go to IIS and directory security and view certificate and then certificate path, it has server.localdomain.com with the new certificate underneath it. I also can't seem to find the new cert anywhere apart from above.

I am thinking that maybe I need to reinstall certificate services and set it to use webmail.internetdomain.com, as it would appear you firstly create the parent cert (which is what you import to handhelds) and all other certs are a kind of virtual cert ??

I am very open to correction !!
0

 
LVL 5

Author Comment

by:Sid_F
ID: 17948434
Any certificate experts out there ?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17948599
Yes, it would be cleaner to just reinstall Cert services and start over from scratch if you aren't sure what is going on.  Yes, you will need to use the public domain if you don't want external users to get the error. This is just another problem that is created when you use different internal and external domain names.

0
 
LVL 76

Expert Comment

by:arnold
ID: 17948815
As long as the systems that access the OWA with the self-signed certificate are members of the domain, they will not see the error.

The certificate is usually in the personal category.  After you add the certificate snap-in, expand the items therein.  There you will see the certificate, which should be under the system.  Are you looking for the certificate on the user's system?

Did you sign the new certificate?  I think you can only create a certificate signing request (CSR), which then needs to be processed by your certificate authority if you installed it.  If not, you have to buy a certificate, which involves submitting your CSR to a signing authority.

At times, when the signing authority is unknown to the application/device, the user is often prompted on whether they wish to accept the certificate/signing authority as authoritative to avoid similar notices in the future.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 18009210
On SBS you do NOT use Certificate Services.  Please uninstall that.  You can remove ALL certificates created by opening up an MMC and adding the Certificates Snap-In.

Then, you must recreate the SSL certificate the proper way for SBS which is running the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Within that wizard you'll see a "more information" button on each screen that has invaluable help in deciding which options to select.  
Be sure to check those out as well.

Please take a moment to review the SBS Overview for IT Pros, which describes why you need to treat SBS differently:  http://sbsurl.com/itpro

Basically, SBS is a preconfigured environment with a combination of components that requires very specific synchronized settings in order for them all to work correctly in a single machine.  You must configure an SBS using all available wizards if you want to have it operate trouble-free.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18009216
Just to clarify, when you run the CEICW you will be asked for the INTERNET FQDN which will be properly placed on the certificate WITH the internal domain, the companyweb alias and server's host name.

Jeff
TechSoEasy
0
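
An added illustration, not part of any post in this thread: a certificate created through the IIS wizard is kept in the Local Computer "Personal" certificate store rather than as a .crt/.pfx file, so the PowerShell below looks it up there by the OWA host name from the question, prints its certification path, and exports the public part of the top certificate as a .cer file. It assumes PowerShell is installed on the server and run with administrative rights; `$outFile` is a hypothetical path.

```powershell
# Added example, not code from the thread.
$hostName = 'webmail.internetdomain.com'   # public OWA name used in the question
$outFile  = 'C:\owa-path-top.cer'          # hypothetical output path (assumption)

# IIS-issued certificates live in the Local Computer "Personal" store,
# which is why a disk search for *.crt / *.pfx finds nothing.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$hostName*" })
if ($certs.Count -eq 0) {
    throw "No certificate for $hostName in Cert:\LocalMachine\My"
}

# If the old and new certificate are both present, take the one expiring last.
$cert = $certs | Sort-Object NotAfter | Select-Object -Last 1
"Leaf: {0}" -f $cert.Subject
"  thumbprint={0} expires={1:yyyy-MM-dd} hasPrivateKey={2}" -f `
    $cert.Thumbprint, $cert.NotAfter, $cert.HasPrivateKey

# Rebuild the "certification path" shown in the IIS certificate viewer.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$trusted = $chain.Build($cert)    # $false if the path is not trusted here
foreach ($element in $chain.ChainElements) {
    "  path: {0} (issued by {1})" -f `
        $element.Certificate.Subject, $element.Certificate.Issuer
}
"Path trusted on this machine: $trusted"

# The last element is the top of the path: the certificate a client
# device must trust. A self-signed top has Subject equal to Issuer.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Subject -ne $top.Issuer) {
    Write-Warning "Path does not end in a self-signed root; issuer not found locally."
}

# X509ContentType 'Cert' writes the DER-encoded public certificate only;
# the private key never leaves the store.
$type  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$bytes = $top.Export($type)
[System.IO.File]::WriteAllBytes($outFile, $bytes)
"Exported '$($top.Subject)' to $outFile"
```

The same store is what the Certificates snap-in shows under Computer account > Personal.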
