Certificate is invalid

Posted on 2009-02-17
Medium Priority
Last Modified: 2012-05-06
I have a Windows SBS 2003 setup for OWA. I have created a certificate on it.
I have an A record for mail.mydomainname.com
When I use Windows XP and IE7, I am able to install the certificate by doing a http://mail.mydomainname.com/certsrv.
I am not able to use IE7 with Windows Vista without getting a "certificate is invalid" message.
I do not want to have to purchase a third party certificate, if at all possible.
Question by:villartech
LVL 26

Expert Comment

ID: 23660399
Did you try to add the certificate to the Vista machine using Run --> Type: MMC --> Add/Remove snapin --> Add --> Certificate?

LVL 31

Expert Comment

ID: 23661918
Save the certificate to file - you can export it from IIS or from one of your XP boxes in Certificates MMC and open trusted root certificate store, or personal store depending where it got put.  Open up the cert - details tab - copy to file button - follow the wizard to save to file.

You can either deploy via GPO as a trusted root certificate or you can copy it to the Vista box and import it - assign manually - checkmark 'show physical stores' then select trusted root certification authorities store.

Author Comment

ID: 23700698
I have tried both recommendations - neither worked.
When I import the certificate into the trusted root certification authority store using the import wizard, it indicates that it was successful.
I do not see the certificate listed, after the import though.
FYI - When I view the certificate after I get the error, it says "This certificate cannot be verified up to a trusted certification authority."
I have tried turning on SSL on the SBS 2003 server and I have tried importing the certificate in both the .cer and .pfx formats.
LVL 31

Accepted Solution

Paranormastic earned 2000 total points
ID: 23713157
Check the certificate on the server - details tab - verify that the issuer name is not that server, but the CA server instead.

If you have multiple CAs (e.g. a root and subordinate) you need to have at least the root installed, preferably both CA certs.  The root cert should be in your trusted root certification authority store.  Checkmark the 'show physical stores' when manually selecting the store to have available for all users.

PFX should only be on the server that the cert is issued to as it contains the private key.  The .cer that needs to be imported is only the CA server cert files, not the website cert - the website's .cer only needs to be available on the server.
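
The checks described in the accepted answer, as an added PowerShell example that is not part of the original thread: it loads the exported .cer files, reports whether the site certificate was issued by the server itself, confirms the CA file carries no private key, and tests whether the chain builds to a root in the machine-wide Trusted Root store. The function name `Test-OwaCertTrust` and the file paths are assumptions.

```powershell
# Added example (not from the thread). Function name and file paths are hypothetical.
function Test-OwaCertTrust {
    param(
        [Parameter(Mandatory=$true)][string]$SiteCertPath,  # website .cer exported from IIS
        [Parameter(Mandatory=$true)][string]$CaCertPath     # CA .cer intended for client machines
    )
    $ns   = 'System.Security.Cryptography.X509Certificates'
    $site = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $SiteCertPath).Path
    $ca   = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CaCertPath).Path

    # Is the CA certificate present in the machine-wide Trusted Root store?
    $store = New-Object "$ns.X509Store" -ArgumentList 'Root', 'LocalMachine'
    $store.Open('ReadOnly')
    try {
        $inRoot = $store.Certificates.Find('FindByThumbprint', $ca.Thumbprint, $false).Count -gt 0
    } finally {
        $store.Close()
    }

    # Build the chain from the site certificate. Revocation is skipped so the
    # result reflects only whether the chain reaches a trusted root.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($site)

    New-Object PSObject -Property @{
        SiteSubject         = $site.Subject
        SiteIssuer          = $site.Issuer
        IssuedBySelf        = ($site.Subject -eq $site.Issuer)   # issuer is the server itself
        CaFileMatchesIssuer = ($ca.Subject -eq $site.Issuer)     # immediate issuer only
        CaFileHasPrivateKey = $ca.HasPrivateKey                  # should be False for a client import
        CaInMachineRoot     = $inRoot
        ChainBuilds         = $chainOk
        ChainStatus         = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Usage on the client that shows the error (placeholder paths):
# Test-OwaCertTrust -SiteCertPath 'C:\temp\owa-site.cer' -CaCertPath 'C:\temp\ca-root.cer'
```

A `ChainStatus` of `UntrustedRoot` or `PartialChain` means the chain did not reach a certificate in a trusted root store.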

Author Comment

ID: 23879315
Thanks for your assistance


Question has a verified solution.
