Solved

SSL Certificate problems on SBS 2008

Posted on 2010-08-19
Last Modified: 2012-05-10
OK people who are smarter than me, here's an SSL certificate problem I need help with.

Client was on SBS 2003.  I exported the GoDaddy issued SSL certificate from the certificates MMC, then rebuilt the SBS Server to SBS2008.  I rebuilt the server, but used the same server name.  MAMAIN

I tried running the import wizard on the SBS Console and pointed the wizard to the exported file.

OWA & RWW worked but the cert didn't (had to click through the "click here to continue - not recommended" link to get to them).

I deleted the certificates out of the certificate store that referred to my cert "mail.domain.com" using the certificates snap in on the MMC.  (right click - delete)

I've done a generate request in Exchange Management Shell, rekeyed with GoDaddy, downloaded the certs.  Imported both files that GoDaddy has you import into the "Intermediate certificate authorities" using the certificates MMC.

Gone into Exchange Management Shell to enable the certificates, but EMS doesn't see the cert.

I've done so many things I'm going nuts.


I would like to start over, but I think I've monkeyed everything up and have unused/unneeded certificates all over the place.

HERE'S MY QUESTION:

What steps should I do to first clean up the certs, then get my certificate reissued?

Thanks guys and gals
Question by:RJ_Emmett
7 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 33479378
Did you bind the new SSL certificate in IIS7?

Hope this helps.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 33479382
You imported the certificate directly through the mmc?

When using Exchange 2007 you need to use the import-certificate cmdlet to import the certificate in order for Exchange to see it.

After you imported the certificate, Exchange will be able to see it (and so you can enable it).

Michael
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 33479484
When using SBS you MUST always use the wizard in the SBS Console; don't do it through the Exchange Console or the Certificates snap-in.

My advice would be to remove any you have imported and then start the wizard again. If it's GoDaddy, then create a new request and select the option "I require more time", then re-key your certificate and then complete the wizard.

See here for more details on the trusted certificate wizard in SBS 2008: http://blogs.technet.com/b/sbs/archive/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008.aspx
0

 
LVL 3

Expert Comment

by:sparky2156
ID: 33479495
Don't know if this is the same problem, but sounds similar. I have had a similar problem with certificates but in the EMC in Exchange 2010.

Initial problem was that I would create a request through EMC, then go through the process of importing it through EMS, but it wouldn't show up in EMC to complete the operation.

Technical problem was that the private key got lost when importing the certificate. The following articles may be of help, and are certainly worth a check.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_25193573.html

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1188

Hope this helps.
0
 

Author Comment

by:RJ_Emmett
ID: 33479535
Casedog - no I didn't.  I was following the instructions GoDaddy had and I didn't see any reference to installing using IIS7.

MichaelVH - I downloaded the newly rekeyed cert, then using the GoDaddy instructions imported the certs into the intermediate certification authority.  The download had a p7b file and a crt file; both said they were imported successfully.

Then again following GoDaddy's instructions I went into the Exchange Management Shell (EMS) and tried to enable it, but couldn't find it.

Right now when I run the get-exchangecertificate |fl  it shows three certs; all the issuers are CN=companyname-MAMAIN-CA

These "feel" like they're self-signed, because I was expecting to see at least one issuer = GoDaddy.

The cert that has the smtp, iis, imap, pop services enabled says its status "invalid".

When I try to enable either one of the other two certs I get an error message that says:

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ enable-exchangecertificate  <<<< -thumbprint AF395F0CCA0BA9C50429AB12FD6BD7D0
BE34468C -services "smtp, pop, imap, iis"
0
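A read-only check for the situation described in the two comments above (a private key lost on import, and the issued certificate imported into the Intermediate store), added here as an example and not part of any post. It lists the LocalMachine Personal and Intermediate stores and flags certificates that have no private key or sit in the wrong store; the function names are made up for this example.

```powershell
# Added example: read-only audit of the machine certificate stores.
# 'My' = Personal store, 'CA' = Intermediate Certification Authorities.
# Function names are hypothetical; nothing is modified or deleted.

function Test-IsCaCertificate($cert) {
    # Basic Constraints (OID 2.5.29.19) states whether a certificate is a CA.
    foreach ($ext in $cert.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.19') {
            $bc = New-Object System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension -ArgumentList $ext, $ext.Critical
            return $bc.CertificateAuthority
        }
    }
    return $false   # no Basic Constraints extension: treat as an end-entity cert
}

function Get-CertFinding($cert, $storeName) {
    if ($storeName -eq 'CA') {
        if (-not (Test-IsCaCertificate $cert)) {
            return 'Server certificate in the Intermediate store; services cannot use it from here'
        }
        return 'Intermediate CA (expected in this store)'
    }
    # Personal store: a TLS server certificate is only usable with its private key.
    if (-not $cert.HasPrivateKey)        { return 'No private key; cannot be enabled for services' }
    if ($cert.NotAfter -lt (Get-Date))   { return 'Expired' }
    if ($cert.Subject -eq $cert.Issuer)  { return 'Self-signed, has private key' }
    return 'Has private key'
}

function Get-StoreAudit {
    foreach ($storeName in 'My', 'CA') {
        Get-ChildItem "Cert:\LocalMachine\$storeName" | Select-Object `
            @{Name='Store';   Expression={ $storeName }},
            Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey,
            @{Name='Finding'; Expression={ Get-CertFinding $_ $storeName }}
    }
}

# Compare the Issuer and Finding columns with what get-exchangecertificate reports.
Get-StoreAudit | Format-List
```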
 

Author Comment

by:RJ_Emmett
ID: 33480298
DMAZTER,

I followed the instructions you gave and used the wizard.  Now the GoDaddy cert shows up and I have secure access to the https://mail.domain.com/remote with no issues, but the https://mail.domain.com/owa blank screens out on me.  Subsequently, when I use RWW I can remote into a desktop with no problems.  However, when I click on "check email" it allows me in, but all items that would have some sort of icon have a red X on them.

It sounded like port 443 may not be open on the firewall/server, but I was able to telnet into it.

Any other ideas?
0
 

Author Closing Comment

by:RJ_Emmett
ID: 33505082
This did the trick.
0


Question has a verified solution.
