Solved

Certificate Error

Posted on 2009-02-10
Last Modified: 2012-05-06
We have Exchange 2003 with OWA. The certificate for this one expired. This is a certificate with a wildcard, *.domain.com, so it can be used for other subdomains. This cert was used on 2 servers, webserver and exchangeserver. We purchased the renewal for 2 years. We installed the certificate on the first server, "webserver", without any problem with the GoDaddy instructions.
Now when I try to install it on the exchangeserver I have a problem. I called GoDaddy for support. They told me to export the cert from exchangeserver and then import on webserver, then export again and import back to exchange server. I know there must be something easier than this. I am new to certificates.
On OWA (exchange server) I have done so far:
IIS -> install intermediate certificate bundle
I am installing the SSL certificate but I get an error in the certificate installation wizard:
when I browse to the certificate I got from GoDaddy, the error says
"The pending certificate request for this response file was not found. This request may be cancelled. you can not install selected response certificate using the wizard"
This is the way I did it on webserver (first server) without any problem.
Do you guys have any idea what I need to do?
Question by:Faustinoeltino
13 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 23605705
You need to install the cert to the box that you created the CSR file from (the junk text that you copied into GoDaddy's certificate request page).  Since it went in okay in the webserver, I'm going to assume that was it.  From IIS you can View Certificate and on Details tab click Copy to File button to export it - when you go through the wizard use the option to include the private key.  This will create a .pfx file - copy this over to the exchange box and import it there.

Since it's Exchange, you will probably need to tell it to use the new cert for various purposes.  Replace "abc123" with the thumbprint of the certificate - you can get this from the details tab of the certificate and look for thumbprint or fingerprint.

Enable-ExchangeCertificate -thumbprint "abc123" -services SMTP
Enable-ExchangeCertificate -thumbprint "abc123" -services IMAP
Enable-ExchangeCertificate -thumbprint "abc123" -services POP
Enable-ExchangeCertificate -thumbprint "abc123" -services IIS
 
Then remove the old certificate (get its attribute):
Remove-ExchangeCertificate -thumbprint "abc123"
0
 

Author Comment

by:Faustinoeltino
ID: 23605932
Yes, the Webserver #1 is working fine. No problem.
GoDaddy sent me 2 files with steps; I installed them without any problem on webserver. The files are:
domain.com.crt and gd_iis_intermediates.p7b. The installation was successful on both servers.
I have a problem on the exchangeserver: the option to import the private key is grayed out. I cannot select it.
So I do not have to call GoDaddy to do a re-issue or do a new CSR for the exchangeserver,
everything should be done in IIS, correct?
Please let me know; their support sucks.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23606109
Did you create a CSR for the second server?
If you did then that is the first problem. Run the wizard and remove it.
Do you have the certificate on the first server correctly?
If so, then export the certificate from that server.
There are two ways to do that - through the wizard or open the site in Internet Explorer and then save the certificate to a CER file. You can then copy those files to the new server and import them through IIS manager.

I am actually surprised that GoDaddy support assisted you. Most certificate suppliers state their certificate is per server, so if you have two server you should purchase two certificates.

-M
0

 

Author Comment

by:Faustinoeltino
ID: 23607844
First question - no i have create a CSR for the second server - "exchangeserver"; only for the first "webserver" when i got on support with godaddy.
second question - yes i do have the certificate from the first server " webserver"

Well, the certificate i have comes with a while card in the front, that we can use it for multiple subdomain according to them, this is it           " *.domain.com " 

What I see is that we have been using this certificate on 3 servers, of course using subdomains like
https://web1.domain.com , and so on for https://owa.domain.com https://owa2.domain.com.
And because of that the certificate expired on all these servers yesterday. This is why I contacted GoDaddy for renewal, and followed the installation on webserver1 without any problem. The problem started when I wanted to do the same thing on exchangeserver1, giving me the error above. After this I will have to do it on exchangeserver2. Well, that is the story. I will read some info tonight and play around tomorrow with your advice.
0
 

Author Comment

by:Faustinoeltino
ID: 23607846
first question  is not i have not
0
 

Author Comment

by:Faustinoeltino
ID: 23607857
sorry, i meant a wildcard on the above comment... i guess i need some rest.. talk to u tomorrow
0
 

Author Comment

by:Faustinoeltino
ID: 23612442
Paranormastic:
I need help with how to import the cert that I have from the webserver to exchangeserver. Please provide me steps for IIS v6.
Please explain in detailed steps the part below, I will really appreciate it:
Since it's Exchange, you will probably need to tell it to use the new cert for various purposes.  Replace "abc123" with the thumbprint of the certificate - you can get this from the details tab of the certificate and look for thumbprint or fingerprint.

Enable-ExchangeCertificate -thumbprint "abc123" -services SMTP
Enable-ExchangeCertificate -thumbprint "abc123" -services IMAP
Enable-ExchangeCertificate -thumbprint "abc123" -services POP
Enable-ExchangeCertificate -thumbprint "abc123" -services IIS
 
Then remove the old certificate (get its attribute):
Remove-ExchangeCertificate -thumbprint "abc123"
thanks a lot,
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23614281
Those instructions are for Exchange 2007. You are using Exchange 2003 so they are not appropriate to you.
You need to import the certificate you have exported from the server where the certificate is working through IIS manager or the Certificate manager.

-M
0
 

Author Comment

by:Faustinoeltino
ID: 23614390
Yes, I already imported the certificate to the exchange server. I see it in the Certificates snap-in in the Personal - Certificates folder. 2 certificates are there, the old and the new one.
What I need now is how to enable it in IIS to make it work, and is there anything else I need to do?
I have Exch2003, and IIS v6 on Win2003 SP2 Standard 32 bit.
Please help Mestha.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 1500 total points
ID: 23614604
If the certificates are in the store, then run the Certificate wizard on the web site in IIS and choose to assign an existing certificate. You will then get a list of certificate available and can choose the relevant one.
Once done, run iisreset and that should be it.

-M
0
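
The store check behind the step above and the earlier advice to export with the private key, as an added example that is not part of the original thread: it reports which entries in the Personal store are in date, match the site name and carry a private key, and gives the thumbprint of each. The function names, dates and placeholder thumbprints are constructed for illustration, and the name check reads only the subject CN.

```powershell
# Added example; function names and sample entries are constructed, not from the thread.
function Test-WildcardMatch {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLower(); $h = $HostName.ToLower()
    if (-not $p.StartsWith('*.')) { return ($p -eq $h) }
    $suffix = $p.Substring(1)                       # "*.domain.com" -> ".domain.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    # A wildcard covers exactly one label: owa.domain.com yes, a.b.domain.com no
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

function Get-CertificateReadiness {
    param($Certificates, [string]$HostName, [datetime]$Now = (Get-Date))
    foreach ($c in $Certificates) {
        $cn = ''
        if ($c.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }
        $inDate = ($c.NotBefore -le $Now) -and ($Now -le $c.NotAfter)
        $nameOk = Test-WildcardMatch -Pattern $cn -HostName $HostName
        New-Object PSObject -Property @{
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
            InDate        = $inDate
            NameMatches   = $nameOk
            # IIS can only serve a certificate whose private key is on this machine
            Usable        = ($c.HasPrivateKey -and $inDate -and $nameOk)
        }
    }
}

# Constructed store contents: the expired cert, the renewal imported from a
# .cer/.crt file (no key), and the renewal imported from a .pfx (with key).
$sample = @(
    New-Object PSObject -Property @{ Thumbprint = 'PLACEHOLDER-OLD'; Subject = 'CN=*.domain.com'
        NotBefore = [datetime]'2007-02-09'; NotAfter = [datetime]'2009-02-09'; HasPrivateKey = $true }
    New-Object PSObject -Property @{ Thumbprint = 'PLACEHOLDER-CER'; Subject = 'CN=*.domain.com'
        NotBefore = [datetime]'2009-02-09'; NotAfter = [datetime]'2011-02-09'; HasPrivateKey = $false }
    New-Object PSObject -Property @{ Thumbprint = 'PLACEHOLDER-PFX'; Subject = 'CN=*.domain.com'
        NotBefore = [datetime]'2009-02-09'; NotAfter = [datetime]'2011-02-09'; HasPrivateKey = $true }
)

Get-CertificateReadiness -Certificates $sample -HostName 'owa.domain.com' -Now ([datetime]'2009-02-12') |
    Format-Table Thumbprint, NotAfter, HasPrivateKey, InDate, NameMatches, Usable -AutoSize

# Against the real store on a machine with PowerShell installed:
# Get-CertificateReadiness -Certificates (Get-ChildItem Cert:\LocalMachine\My) -HostName 'owa.domain.com'
```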
 

Author Comment

by:Faustinoeltino
ID: 23614975

 I launch IIS.
 Right click on your website and choose Properties.
 Click on the Directory Security tab.
 Choose the Server Certificate button.
 Choose Next on the Welcome wizard.
 Place the radio button on "Process the pending request or install certificate" and choose Next.
I browse to the pfx file and then hit Next and I get the following error:
"The pending certificate request for this response file was not found. This request may be cancelled. you can not install selected response certificate using the wizard"
My question is, should I select "delete the pending request" and then go back and select "process the pending request or install certificate"?
I just do not want to mess up the whole IIS. What would happen if I do this?
Thanks Mestha for your help.
0
 

Author Comment

by:Faustinoeltino
ID: 23615691
problem is solved.
I had to delete the expired certificate first.
as i said above i had to select - delete the pending request for expired certificate, then
-go back and select -process the pending request or install certificate , browse and select the .pfx file
then stop and start IIS, and that is it. problem solved.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23616525
Just to tidy up, on an earlier post I did point out about removing any pending request on the second server.

-M
0
