SSL Certificate problems on SBS 2008

Posted on 2010-08-19
Last Modified: 2012-05-10
OK people who are smarter than me, here's an SSL Certificate problem I need help with.

Client was on SBS 2003.  I exported the GoDaddy issued SSL certificate from the certificates MMC, then rebuilt the SBS Server to SBS2008.  I rebuilt the server, but used the same server name.  MAMAIN

I tried running the import wizard on the SBS Console and pointed the wizard to the exported file.

OWA & RWW worked but the cert didn't (had to click through the "click here to continue - not recommended" link to get to them).

I deleted the certificates out of the certificate store that referred to my cert "mail.domain.com" using the certificates snap in on the MMC.  (right click - delete)

I've done a generate request in Exchange Management Shell, rekeyed with GoDaddy, downloaded the certs.  Imported both files that GoDaddy has you import into the "Intermediate certificate authorities" using the certificates MMC.

Gone into Exchange Management Shell to enable the certificates, but EMS doesn't see the cert.

I've done so many things I'm going nuts.


I would like to start over, but I think I've monkeyed everything up and have unused/unneeded certificates all over the place.

HERE'S MY QUESTION:

What steps should I do to first clean up the certs, then get my certificate reissued?

Thanks guys and gals
0
Question by:RJ_Emmett
7 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 33479378
Did you bind the new SSL certificate in IIS7?

Hope this helps.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 33479382
You imported the certificate directly through the mmc?

When using Exchange 2007 you need to use the import-certificate cmdlet to import the certificate in order for Exchange to see it.

After you imported the certificate, Exchange will be able to see it (and so you can enable it).

Michael
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 33479484
When using SBS you MUST always use the wizard in the SBS Console, don't do it through the Exchange Console or the Certificates snap-in.

My advice would be to remove any you have imported and then start the wizard again. If it's GoDaddy then create a new request and select the option "I require more time", then re-key your certificate and then complete the wizard.

See here for more details on the trusted certificate wizard in SBS 2008: http://blogs.technet.com/b/sbs/archive/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008.aspx
0
 
LVL 3

Expert Comment

by:sparky2156
ID: 33479495
Don't know if this is the same problem, but sounds similar. I have had a similar problem with certificates but in the EMC in Exchange 2010.

Initial problem was that I would create a request through EMC, then go through the process of importing it through EMS, but it wouldn't show up in EMC to complete the operation.

Technical problem was that the private key got lost when importing the certificate. The following articles may be of help, and are certainly worth a check.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_25193573.html

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1188

Hope this helps.
0
 

Author Comment

by:RJ_Emmett
ID: 33479535
Casedog - no I didn't.  I was following the instructions GoDaddy had and I didn't see any reference to installing using IIS7.

MichaelVH - I downloaded the newly rekeyed cert, then using the GoDaddy instructions imported the certs into the intermediate certification authority.  The download had a p7b file and a crt file, both said they were imported successfully.

Then again following GoDaddy's instructions I went into the Exchange Management Shell (EMS) and tried to enable it, but couldn't find it.

Right now when I run the get-exchangecertificate |fl  it shows three certs, all the issuers are CN=companyname-MAMAIN-CA

These "feel" like they're self-signed, because I was expecting to see at least one issuer = GoDaddy.

The cert that has the smtp, iis, imap, pop services enabled says its status is "invalid".

When I try to enable either one of the other two certs I get an error message that says

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ enable-exchangecertificate  <<<< -thumbprint AF395F0CCA0BA9C50429AB12FD6BD7D0
BE34468C -services "smtp, pop, imap, iis"
0
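
A read-only way to check the two conditions raised in this thread (a certificate that was imported without its private key, and a server certificate sitting in the Intermediate Certification Authorities store instead of the Personal store). This is an added example, not something posted by any participant; mail.domain.com is the thread's placeholder host name and Get-CertReport is a hypothetical helper.

```powershell
# Added example: read-only inventory of certificates for one host name.
# $HostName is an assumption; the thread uses mail.domain.com as a placeholder.
$HostName = 'mail.domain.com'

# Hypothetical helper: list certificates in one store whose Subject carries the name.
# Assumption: the host name appears in the Subject CN (a SAN-only name is not matched).
function Get-CertReport {
    param([string]$StorePath, [string]$Name)

    Get-ChildItem $StorePath |
        Where-Object { $_.Subject -like "*CN=$Name*" } |
        Select-Object @{n='Store';      e={ $StorePath }},
                      Thumbprint,
                      Subject,
                      Issuer,
                      NotAfter,
                      HasPrivateKey,
                      @{n='SelfSigned'; e={ $_.Subject -eq $_.Issuer }},
                      @{n='Expired';    e={ $_.NotAfter -lt (Get-Date) }}
}

# Personal store: where the server certificate and its private key belong.
$personal  = @(Get-CertReport 'Cert:\LocalMachine\My' $HostName)

# Intermediate CA store: should hold only the CA chain, not the server certificate.
$misplaced = @(Get-CertReport 'Cert:\LocalMachine\CA' $HostName)

$personal + $misplaced | Format-List

foreach ($c in $personal) {
    if (-not $c.HasPrivateKey) {
        Write-Warning "$($c.Thumbprint): in Personal store but has no private key; services cannot be bound to it."
    }
    if ($c.SelfSigned) {
        Write-Warning "$($c.Thumbprint): Subject equals Issuer (self-signed)."
    }
    if ($c.Expired) {
        Write-Warning "$($c.Thumbprint): expired on $($c.NotAfter)."
    }
}

foreach ($c in $misplaced) {
    Write-Warning "$($c.Thumbprint): server certificate found in the Intermediate CA store."
}

if ($personal.Count -eq 0) {
    Write-Warning "No certificate for $HostName in Cert:\LocalMachine\My."
}
```

The script only reads the stores; compare the Issuer column with the output of get-exchangecertificate |fl to see which entries came from the public CA and which from the server's own CA.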
 

Author Comment

by:RJ_Emmett
ID: 33480298
DMAZTER,

I followed the instructions you gave and used the wizard.  Now the GoDaddy cert shows up and I have secure access to the https://mail.domain.com/remote with no issues, but the https://mail.domain.com/owa blank screens out on me.  Subsequently, when I use RWW I can remote into a desktop with no problems.  However, when I click on "check email" it allows me in, but all items that would have some sort of icon have a red X on them.

It sounded like port 443 may not be open on the firewall/server, but I was able to telnet into it.

Any other ideas?
0
 

Author Closing Comment

by:RJ_Emmett
ID: 33505082
This did the trick.
0
