Solved

SSL Certificate problems on SBS 2008

Posted on 2010-08-19
Last Modified: 2012-05-10
OK people who are smarter than me, here's an SSL certificate problem I need help with.

Client was on SBS 2003. I exported the GoDaddy-issued SSL certificate from the Certificates MMC, then rebuilt the SBS server to SBS 2008. I rebuilt the server, but used the same server name: MAMAIN

I tried running the import wizard on the SBS Console and pointed the wizard to the exported file.

OWA & RWW worked but the cert didn't (had to click through the "click here to continue - not recommended" link to get to them).

I deleted the certificates that referred to my cert "mail.domain.com" out of the certificate store using the Certificates snap-in in the MMC (right click - delete).

I've done a generate request in Exchange Management Shell, rekeyed with GoDaddy, and downloaded the certs. I imported both files that GoDaddy has you import into the "Intermediate certificate authorities" using the Certificates MMC.

I've gone into Exchange Management Shell to enable the certificates, but EMS doesn't see the cert.

I've done so many things I'm going nuts.


I would like to start over, but I think I've monkeyed everything up and have unused/unneeded certificates all over the place.

HERE'S MY QUESTION:

What steps should I take to first clean up the certs, then get my certificate reissued?

Thanks guys and gals
Question by:RJ_Emmett
7 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 33479378
Did you bind the new SSL certificate in IIS7?

Hope this helps.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 33479382
You imported the certificate directly through the mmc?

When using Exchange 2007 you need to use the import-certificate cmdlet to import the certificate in order for Exchange to see it.

After you imported the certificate, exchange will be able to see it (and so you can enable it)

Michael
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 33479484
When using SBS you MUST always use the wizard in the SBS Console; don't do it through the Exchange Console or the Certificates snap-in.

My advice would be to remove any you have imported and then start the wizard again. If it's GoDaddy, then create a new request and select the option "I require more time", then re-key your certificate and then complete the wizard.

See here for more details on the trusted certificate wizard in SBS 2008: http://blogs.technet.com/b/sbs/archive/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008.aspx
0

 
LVL 3

Expert Comment

by:sparky2156
ID: 33479495
Don't know if this is the same problem, but it sounds similar. I have had a similar problem with certificates, but in the EMC in Exchange 2010.

Initial problem was that I would create a request through EMC, then go through the process of importing it through EMS, but it wouldn't show up in EMC to complete the operation.

Technical problem was that the private key got lost when importing the certificate. The following articles may be of help, and are certainly worth a check.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_25193573.html

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1188

Hope this helps.
0
 

Author Comment

by:RJ_Emmett
ID: 33479535
Casedog - no I didn't. I was following the instructions GoDaddy had and I didn't see any reference to installing using IIS7.

MichaelVH - I downloaded the newly rekeyed cert. Then, using the GoDaddy instructions, I imported the certs into the intermediate certification authority. The download had a p7b file and a crt file; both said they were imported successfully.

Then, again following GoDaddy's instructions, I went into the Exchange Management Shell (EMS) and tried to enable it, but couldn't find it.

Right now when I run the get-exchangecertificate |fl it shows three certs; all the issuers are CN=companyname-MAMAIN-CA

These "feel" like they're self-signed, because I was expecting to see at least one issuer = GoDaddy.

The cert that has the smtp, iis, imap, pop services enabled says its status is "invalid".

When I try to enable either one of the other two certs I get an error message that says

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ enable-exchangecertificate  <<<< -thumbprint AF395F0CCA0BA9C50429AB12FD6BD7D0
BE34468C -services "smtp, pop, imap, iis"
0
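
The symptoms described in the comments above (a certificate imported into the Intermediate Certification Authorities store, a private key lost on import, and issuers that all read CN=companyname-MAMAIN-CA) can each be checked directly. The following is an added example, not part of any post in this thread: the function name Get-CertFinding, the helper New-SampleCert, the "Example Public CA" issuer and the SAMPLE-000x thumbprints are constructed for illustration, and the issuer-name check is a heuristic.

```powershell
# Added example, not from the thread. Flags the certificate states discussed above.
# 'mail.domain.com' and 'MAMAIN' are the names used on this page; sample rows are constructed.
function Get-CertFinding {
    param($Cert, [string]$Store, [string]$HostName, [string]$ServerName)
    # Only look at certificates issued for the public host name.
    if ($Cert.Subject -notlike "*CN=$HostName*") { return }
    $findings = @()
    if ($Store -eq 'CA') {
        # 'CA' is the Intermediate Certification Authorities store; a server
        # certificate belongs in 'My' (Personal).
        $findings += 'server certificate is in the Intermediate CA store'
    }
    if (-not $Cert.HasPrivateKey) {
        $findings += 'no private key, cannot be enabled for any service'
    }
    if ($Cert.Issuer -eq $Cert.Subject) {
        $findings += 'self-signed'
    } elseif ($ServerName -and $Cert.Issuer -like "*$ServerName*") {
        # Heuristic: an issuer named after the server is its own internal CA.
        $findings += 'issued by the server''s internal CA, not a public CA'
    }
    if ($Cert.NotAfter -lt (Get-Date)) { $findings += 'expired' }
    if ($findings.Count -eq 0) { $findings += 'ok' }

    New-Object PSObject -Property @{
        Store = $Store; Thumbprint = $Cert.Thumbprint
        Issuer = $Cert.Issuer; Findings = ($findings -join '; ')
    } | Select-Object Store, Thumbprint, Issuer, Findings
}

function New-SampleCert($Issuer, $Thumb, $HasKey) {   # constructed test data only
    New-Object PSObject -Property @{
        Subject = 'CN=mail.domain.com'; Issuer = $Issuer; Thumbprint = $Thumb
        HasPrivateKey = $HasKey; NotAfter = (Get-Date).AddYears(1)
    }
}
$sample = @(
    @{ Store = 'CA'; Cert = (New-SampleCert 'CN=Example Public CA' 'SAMPLE-0001' $false) },
    @{ Store = 'My'; Cert = (New-SampleCert 'CN=companyname-MAMAIN-CA' 'SAMPLE-0002' $true) },
    @{ Store = 'My'; Cert = (New-SampleCert 'CN=Example Public CA' 'SAMPLE-0003' $true) }
)
foreach ($row in $sample) {
    Get-CertFinding -Cert $row.Cert -Store $row.Store -HostName 'mail.domain.com' -ServerName 'MAMAIN'
}

# On a live server, replace the sample rows with the real stores:
# foreach ($s in 'My','CA') { Get-ChildItem "Cert:\LocalMachine\$s" |
#   ForEach-Object { Get-CertFinding -Cert $_ -Store $s -HostName 'mail.domain.com' -ServerName 'MAMAIN' } }
```

The first sample row reproduces the state after importing the .crt and .p7b files into the Intermediate store, the second an internally issued certificate, and the third a correctly installed one.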
 

Author Comment

by:RJ_Emmett
ID: 33480298
DMAZTER,

I followed the instructions you gave and used the wizard.  Now the GoDaddy cert shows up and I have secure access to the https://mail.domain.com/remote with no issues, but the https://mail.domain.com/owa blank screens out on me.  Subsequently, when I use RWW I can remote into a desktop with no problems.  However, when I click on "check email" it allows me in, but all items that would have some sort of icon have a red X on them.

It sounded like port 443 may not be open on the firewall/server, but I was able to telnet into it.

any other ideas?
0
 

Author Closing Comment

by:RJ_Emmett
ID: 33505082
This did the trick.
0
