DanMascheck
asked on
Can't uninstall an installed certificate
I have upgraded our email server to Exchange 2007 and installed a SSL certificate to help with the HTTPS:// well whomever created out domain created a subdomain that all our servers reside on. So in order to view our webpages you go mail you go to https://mail.ssesh.org but the FQDN of the actual server is mail.ststephens.ssesh.org so the SSL has an error when users are operating on the internal LAN. so i told the users to install the certificate and that should work, well it didn't. I got a new SSL cert that goes to mail.ststephens.ssesh.org and fixed all internet and and SSL issues. But now i have some certs installed that i can't remove and is causing issues with outlook. IS there a way that i can uninstall the certiifcate. I have tried the tradtional delete method and when i do, i get a you don't have permission to remove this ceritifcate error. So how can i remove it. I am logged on as a administrator
ASKER
nothing is showing up
but when i go to control panel, internet options, content, and certificates on the other people tab i still see the mail.ssesh.org cert and i need to remove that cert and install the mail.ststephens.ssesh.org cert
but when i go to control panel, internet options, content, and certificates on the other people tab i still see the mail.ssesh.org cert and i need to remove that cert and install the mail.ststephens.ssesh.org cert
I don't see how removing the certificate will resolve your problem. The machine looks for a certificate that matches the name the user is accessing. Therefore if the users are accessing mail.ststephens.ssesh.org then it will use that certificate. The system will not even look at the mail.ssesh.org certificate.
If you are seeing certificate issues with Outlook 2007 then you haven't got the certificate installed correctly in Exchange, or the URLs are not set correctly.
Simon.
If you are seeing certificate issues with Outlook 2007 then you haven't got the certificate installed correctly in Exchange, or the URLs are not set correctly.
Simon.
ASKER
so you are telling me that i dont' have it installed. then how do i get eh certifcate off the server so i can install
No I didn't say that. What I am saying is that the old certificate doesn't matter.
You have changed the URLs, therefore Windows is not going to use the old certificate because the URL on the certificate is different.
Having the certificates with the names you have stated is no different from certificates in the name of mail.domain1.com and mail.domain2.com. Windows will not use the certificate with mail.domain1.com on it for mail.domain2.com.
Simon.
You have changed the URLs, therefore Windows is not going to use the old certificate because the URL on the certificate is different.
Having the certificates with the names you have stated is no different from certificates in the name of mail.domain1.com and mail.domain2.com. Windows will not use the certificate with mail.domain1.com on it for mail.domain2.com.
Simon.
ASKER
well i was getting a proxy server error in outlook and i think i solved it by getting the mail.ststephens.ssesh.org cert an install it on the computers.
Who issued the certificate for mail.ststephens.ssesh.org ?
If it was a commercial certificate you shouldn't have to install anything.
Simon.
If it was a commercial certificate you shouldn't have to install anything.
Simon.
ASKER
i got it from godaddy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
Thist gives the following certificate description.
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:8000
Certificate Hash : 45d08a92798460d84e4ce157f3
Application ID : {00112233-4455-6677-8899-a
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Finally, you can remove the certificate associated with a particular address to undo the earlier changes.
netsh http delete sslcert ipport=0.0.0.0:8000
----
is this helpful?