Solved

I have 2 certificates produced from the same CSR, is one of them going to be useless?

Posted on 2008-06-19
3
322 Views
Last Modified: 2011-10-03
I have 2 certificates from different public CA's that where purchased using the same CSR.  However I am only able to import 1 to the original server via  "process pending request". If I import and replace via the Certificate MMC and IIS, the server doesn't believe it has a private key to match the second certificate. I am also unable to export (with the second cert in use) to a .pfx file. I guess because of the private key issue.  I need to use the second cert, not the first.  Does anyone know how to fix this?
0
Comment
Question by:58Robinson
3 Comments
 
LVL 17

Accepted Solution

by:
John Gates earned 500 total points
ID: 21829831
You used the same CSR so only the server that originally created that request will be able to import the certificate that you purchased with it.  There is nothing you can do besides (If this was a purchased 3rd party certificate) call the company and explain the problem and see if they will give you a credit for one.

-D-
0
 
LVL 5

Expert Comment

by:JuckMan
ID: 21835902
Did you try removing the first certificate from "Certificate MMC" from your server and then importing the second certificate?

depend on the certificate type, it could be in a machine store, personal store, so make sure you completely remove the first cerficate from your machine before you start installing the second certificate..

hope this helps
0
 

Author Comment

by:58Robinson
ID: 21836886
Thanks for your responses.
The certificate is a Thwate certificate.  They give free reissues for the life of the certificate I guess so an old cert can be revoked in case someone exports it (with the key) and runs off with it. So I created a new CSR on a new temporary website on the same machine and organised a reissue using the new CSR.
When it comes in I'll  "proceed with pending" and remove the other cert.

JuckMan - I exported the problem causing first cert with the key and installed on a test machine to see if any removal type scenario would work.  It doesn't.  When you delete the cert the key goes with it. Each time a CSR is created, it's a unique key and once it's "used" it's used.  Thwate confirmed what I had to do.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question