Solved

I have 2 certificates produced from the same CSR, is one of them going to be useless?

Posted on 2008-06-19
3
312 Views
Last Modified: 2011-10-03
I have 2 certificates from different public CA's that where purchased using the same CSR.  However I am only able to import 1 to the original server via  "process pending request". If I import and replace via the Certificate MMC and IIS, the server doesn't believe it has a private key to match the second certificate. I am also unable to export (with the second cert in use) to a .pfx file. I guess because of the private key issue.  I need to use the second cert, not the first.  Does anyone know how to fix this?
0
Comment
Question by:58Robinson
3 Comments
 
LVL 17

Accepted Solution

by:
John Gates earned 500 total points
ID: 21829831
You used the same CSR so only the server that originally created that request will be able to import the certificate that you purchased with it.  There is nothing you can do besides (If this was a purchased 3rd party certificate) call the company and explain the problem and see if they will give you a credit for one.

-D-
0
 
LVL 5

Expert Comment

by:JuckMan
ID: 21835902
Did you try removing the first certificate from "Certificate MMC" from your server and then importing the second certificate?

depend on the certificate type, it could be in a machine store, personal store, so make sure you completely remove the first cerficate from your machine before you start installing the second certificate..

hope this helps
0
 

Author Comment

by:58Robinson
ID: 21836886
Thanks for your responses.
The certificate is a Thwate certificate.  They give free reissues for the life of the certificate I guess so an old cert can be revoked in case someone exports it (with the key) and runs off with it. So I created a new CSR on a new temporary website on the same machine and organised a reissue using the new CSR.
When it comes in I'll  "proceed with pending" and remove the other cert.

JuckMan - I exported the problem causing first cert with the key and installed on a test machine to see if any removal type scenario would work.  It doesn't.  When you delete the cert the key goes with it. Each time a CSR is created, it's a unique key and once it's "used" it's used.  Thwate confirmed what I had to do.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now