I have 2 certificates produced from the same CSR, is one of them going to be useless?

I have 2 certificates from different public CA's that where purchased using the same CSR.  However I am only able to import 1 to the original server via  "process pending request". If I import and replace via the Certificate MMC and IIS, the server doesn't believe it has a private key to match the second certificate. I am also unable to export (with the second cert in use) to a .pfx file. I guess because of the private key issue.  I need to use the second cert, not the first.  Does anyone know how to fix this?
58RobinsonAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
John Gates, CISSPConnect With a Mentor Security ProfessionalCommented:
You used the same CSR so only the server that originally created that request will be able to import the certificate that you purchased with it.  There is nothing you can do besides (If this was a purchased 3rd party certificate) call the company and explain the problem and see if they will give you a credit for one.

-D-
0
 
JuckManCommented:
Did you try removing the first certificate from "Certificate MMC" from your server and then importing the second certificate?

depend on the certificate type, it could be in a machine store, personal store, so make sure you completely remove the first cerficate from your machine before you start installing the second certificate..

hope this helps
0
 
58RobinsonAuthor Commented:
Thanks for your responses.
The certificate is a Thwate certificate.  They give free reissues for the life of the certificate I guess so an old cert can be revoked in case someone exports it (with the key) and runs off with it. So I created a new CSR on a new temporary website on the same machine and organised a reissue using the new CSR.
When it comes in I'll  "proceed with pending" and remove the other cert.

JuckMan - I exported the problem causing first cert with the key and installed on a test machine to see if any removal type scenario would work.  It doesn't.  When you delete the cert the key goes with it. Each time a CSR is created, it's a unique key and once it's "used" it's used.  Thwate confirmed what I had to do.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.