Solved

Can't uninstall an installed certificate

Posted on 2007-12-05
11
8,154 Views
Last Modified: 2008-02-01
I have upgraded our email server to Exchange 2007 and installed a SSL certificate to help with the HTTPS:// well whomever created out domain created a subdomain that all our servers reside on.  So in order to view our webpages you go mail you go to https://mail.ssesh.org  but the FQDN of the actual server is mail.ststephens.ssesh.org so the SSL has an error when users are operating on the internal LAN.  so i told the users to install the certificate and that should work, well it didn't. I got a new SSL cert that goes to mail.ststephens.ssesh.org and fixed all internet and and SSL issues.  But now i have some certs installed that i can't remove and is causing issues with outlook.  IS there a way that i can uninstall the certiifcate.  I have tried the tradtional delete method and when i do, i get a you don't have permission to remove this ceritifcate error.  So how can i remove it.  I am logged on as a administrator
0
Comment
Question by:DanMascheck
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 8

Expert Comment

by:YGregersen
ID: 20412537
netsh http show sslcert

Thist gives  the following certificate description.

SSL Certificate bindings:
-------------------------
    IP:port                 : 0.0.0.0:8000
    Certificate Hash        : 45d08a92798460d84e4ce157f31662b36c4edbff
    Application ID          : {00112233-4455-6677-8899-aabbccddeeff}
    Certificate Store Name  : (null)
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          : (null)
    Ctl Store Name          : (null)
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled

Finally, you can remove the certificate associated with a particular address to undo the earlier changes.

netsh http delete sslcert ipport=0.0.0.0:8000


----

is this helpful?
0
 
LVL 1

Author Comment

by:DanMascheck
ID: 20412655
nothing is showing up

but when i go to control panel, internet options, content, and certificates on the other people tab i still see the mail.ssesh.org cert and i need to remove that cert and install the mail.ststephens.ssesh.org cert
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20415340
I don't see how removing the certificate will resolve your problem. The machine looks for a certificate that matches the name the user is accessing. Therefore if the users are accessing mail.ststephens.ssesh.org then it will use that certificate. The system will not even look at the mail.ssesh.org certificate.
If you are seeing certificate issues with Outlook 2007 then you haven't got the certificate installed correctly in Exchange, or the URLs are not set correctly.

Simon.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:DanMascheck
ID: 20416801
so you are telling me that i dont' have it installed.  then how do i get eh certifcate off the server so i can install
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20418512
No I didn't say that. What I am saying is that the old certificate doesn't matter.
You have changed the URLs, therefore Windows is not going to use the old certificate because the URL on the certificate is different.

Having the certificates with the names you have stated is no different from certificates in the name of mail.domain1.com and mail.domain2.com. Windows will not use the certificate with mail.domain1.com on it for mail.domain2.com.

Simon.
0
 
LVL 1

Author Comment

by:DanMascheck
ID: 20422933
well i was getting a proxy server error in outlook and i think i solved it by getting the mail.ststephens.ssesh.org cert an install it on the computers.  
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20423108
Who issued the certificate for mail.ststephens.ssesh.org ?
If it was a commercial certificate you shouldn't have to install anything.

Simon.
0
 
LVL 1

Author Comment

by:DanMascheck
ID: 20430195
i got it from godaddy
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20432486
With GoDaddy certificates the only thing you have to install is their root and intermediate certificate on the server - nothing else. Nothing needs to be installed on the client. However if you don't get them the right way round then things will not work correctly. GoDaddy SSL certificate support will be able to tell if the server is exposed to the internet.

Simon.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20591261
Forced accept.

Computer101
EE Admin
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question