?
Solved

I have 2 certificates produced from the same CSR, is one of them going to be useless?

Posted on 2008-06-19
3
Medium Priority
?
331 Views
Last Modified: 2011-10-03
I have 2 certificates from different public CA's that where purchased using the same CSR.  However I am only able to import 1 to the original server via  "process pending request". If I import and replace via the Certificate MMC and IIS, the server doesn't believe it has a private key to match the second certificate. I am also unable to export (with the second cert in use) to a .pfx file. I guess because of the private key issue.  I need to use the second cert, not the first.  Does anyone know how to fix this?
0
Comment
Question by:58Robinson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
John Gates, CISSP earned 2000 total points
ID: 21829831
You used the same CSR so only the server that originally created that request will be able to import the certificate that you purchased with it.  There is nothing you can do besides (If this was a purchased 3rd party certificate) call the company and explain the problem and see if they will give you a credit for one.

-D-
0
 
LVL 5

Expert Comment

by:JuckMan
ID: 21835902
Did you try removing the first certificate from "Certificate MMC" from your server and then importing the second certificate?

depend on the certificate type, it could be in a machine store, personal store, so make sure you completely remove the first cerficate from your machine before you start installing the second certificate..

hope this helps
0
 

Author Comment

by:58Robinson
ID: 21836886
Thanks for your responses.
The certificate is a Thwate certificate.  They give free reissues for the life of the certificate I guess so an old cert can be revoked in case someone exports it (with the key) and runs off with it. So I created a new CSR on a new temporary website on the same machine and organised a reissue using the new CSR.
When it comes in I'll  "proceed with pending" and remove the other cert.

JuckMan - I exported the problem causing first cert with the key and installed on a test machine to see if any removal type scenario would work.  It doesn't.  When you delete the cert the key goes with it. Each time a CSR is created, it's a unique key and once it's "used" it's used.  Thwate confirmed what I had to do.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question