[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 900
  • Last Modified:

Cert seems to be installed, but not working

I have two servers who are load balanced and share a hostname webmail.mydomain.com.   Since the cert was about to expire, I ran the renew wizard in IIS and renewed the cert through VeriSign.  Everything worked great on the server that I did the renewal from, however, I am having huge issues applying this cert to the second server.

At first I tried doing IIS wizard to copy the cert from the working node and that gave me the general error Server execution failed.  After that failed, I used IIS to export the cert /private key/intermediate key, then I moved the .pfx file over to the second box, and installed the .pfx file.  However, when I looked at the certificates mmc the cert did not show up in Local Computer cert tree, it was only under the Current User cert tree.  I then copied it over to Certificates (Local Computer) à Personalà Certificates  so I could import it into IIS.

At this point I did a replace the current certificate in IIS and chose the cert I just installed.  This seemed to go ok and running View Certificate showed that everything was ok.  However, when I go to the website this cert is active for nothing shows up.  Moreover, in exchange 2007 when I restart the POP3 servers it states:  
A certificate for the host name "webmail.mydomain.com " could not be found. SSL or TLS encryption cannot be made to the POP3 service.

Therefore, even though it is installed, IIS and exchange are not accepting it.  With regards to exchange I even ran the command:
Enable-ExchangeCertificate -services POP -Thumbprint 543EB76F3A4541F26BD&&&.

To see if that would get POP3 working.  No success.  Anyone have direction they could provide?

Thanks!

0
loniadmin
Asked:
loniadmin
  • 2
1 Solution
 
ParanormasticCryptographic EngineerCommented:
I think you covered it all for troubleshooting... at least what I can think of offhand.  I would try creating a new cert request from a temp site in IIS and have Verisign issue you a new cert, install it to the temp site and export it with private key, then use that to replace for both production sites.  Just contact Verisign's support or sales first and they will issue the replacement for free.
0
 
loniadminAuthor Commented:
I was able to solve the issue by going to the VeriSign and follow their specific instructions for exporting.  When I did it, I missed a check box.
0
 
loniadminAuthor Commented:
done.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now