Solved

SSL Certificate problems on SBS 2008

Posted on 2010-08-19
Last Modified: 2012-05-10
OK, people who are smarter than me, here's an SSL certificate problem I need help with.

Client was on SBS 2003.  I exported the GoDaddy-issued SSL certificate from the certificates MMC, then rebuilt the SBS Server to SBS 2008.  I rebuilt the server, but used the same server name: MAMAIN

I tried running the import wizard on the SBS Console and pointed the wizard to the exported file.

OWA & RWW worked but the cert didn't (had to click through the "click here to continue - not recommended" link to get to them).

I deleted the certificates out of the certificate store that referred to my cert "mail.domain.com" using the certificates snap in on the MMC.  (right click - delete)

I've done a generate request in Exchange Management Shell, rekeyed with GoDaddy, downloaded the certs.  Imported both files that GoDaddy has you import into the "Intermediate certificate authorities" using the certificates MMC.

Gone into Exchange Management Shell to enable the certificates, but EMS doesn't see the cert.

I've done so many things I'm going nuts.


I would like to start over, but I think I've monkeyed everything up and have unused/unneeded certificates all over the place.

HERE'S MY QUESTION:

What steps should I do to first clean up the certs, then get my certificate reissued?

Thanks guys and gals
Question by:RJ_Emmett
7 Comments
 
LVL 10

Expert Comment

by:Casey Herman
ID: 33479378
Did you bind the new SSL certificate in IIS7?

Hope this helps.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 33479382
You imported the certificate directly through the mmc?

When using Exchange 2007 you need to use the import-certificate cmdlet to import the certificate in order for Exchange to see it.

After you have imported the certificate, Exchange will be able to see it (and so you can enable it).

Michael
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 33479484
When using SBS you MUST always use the wizard in the SBS Console; don't do it through the Exchange Console or the Certificates snap-in.

My advice would be to remove any you have imported and then start the wizard again. If it's GoDaddy, then create a new request and select the option "I require more time", then re-key your certificate and then complete the wizard.

See here for more details on the trusted certificate wizard in SBS 2008: http://blogs.technet.com/b/sbs/archive/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008.aspx
0
 
LVL 3

Expert Comment

by:sparky2156
ID: 33479495
Don't know if this is the same problem, but it sounds similar. I have had a similar problem with certificates, but in the EMC in Exchange 2010.

Initial problem was that I would create a request through EMC, then go through the process of importing it through EMS, but it wouldn't show up in EMC to complete the operation.

Technical problem was that the private key got lost when importing the certificate. The following articles may be of help, and are certainly worth a check.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_25193573.html

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1188

Hope this helps.
0
 

Author Comment

by:RJ_Emmett
ID: 33479535
Casedog - no, I didn't.  I was following the instructions GoDaddy had and I didn't see any reference to installing using IIS7.

MichaelVH - I downloaded the newly rekeyed cert, then, using the GoDaddy instructions, imported the certs into the intermediate certification authority.  The download had a p7b file and a crt file; both said they were imported successfully.

Then, again following GoDaddy's instructions, I went into the Exchange Management Shell (EMS) and tried to enable it, but couldn't find it.

Right now when I run the get-exchangecertificate |fl  it shows three certs; all the issuers are CN=companyname-MAMAIN-CA

These "feel" like they're self-signed, because I was expecting to see at least one issuer = godaddy

The Cert that has the smtp, iis, imap, pop services enabled says its status "invalid"

when I try to enable either one of the other two certs I get an error message that says

Enable-ExchangeCertificate : An unexpected error occurred while the forms-based
 authentication settings for path /LM/W3SVC/1 were being modified. The error re
turned was 5506.
At line:1 char:27
+ enable-exchangecertificate  <<<< -thumbprint AF395F0CCA0BA9C50429AB12FD6BD7D0
BE34468C -services "smtp, pop, imap, iis"
0
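
An added example, not part of the thread or of any poster's reply: a read-only PowerShell inventory of the local machine's Personal and Intermediate stores that flags the two conditions described in the comments above, a certificate with no private key and a server certificate imported into the Intermediate store. The function name Get-CertInventory is hypothetical, and it assumes an elevated PowerShell prompt on the server.

```powershell
# Added example, not from the thread. Read-only: nothing is modified.
# Assumption: run from an elevated PowerShell prompt on the server itself.
function Get-CertInventory {                       # hypothetical helper name
    param([string[]]$Stores = @('My', 'CA'))       # Personal, Intermediate CAs

    foreach ($store in $Stores) {
        foreach ($cert in (Get-ChildItem -Path "Cert:\LocalMachine\$store")) {
            # Basic Constraints (OID 2.5.29.19) tells us whether this is a CA cert.
            $isCa = $false
            $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
            if ($ext) {
                $bc = New-Object `
                    System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension `
                    -ArgumentList ($ext, $ext.Critical)
                $isCa = $bc.CertificateAuthority
            }

            $notes = @()
            if (($store -eq 'My') -and (-not $cert.HasPrivateKey)) {
                # Without the key pair the server cannot use the cert for TLS.
                $notes += 'no private key'
            }
            if (($store -eq 'CA') -and (-not $isCa)) {
                # A leaf (server) cert does not belong in the Intermediate store.
                $notes += 'server cert in Intermediate store'
            }
            if (($store -eq 'My') -and ($cert.Subject -eq $cert.Issuer)) {
                $notes += 'self-signed'
            }
            if ($cert.NotAfter -lt (Get-Date)) {
                $notes += 'expired'
            }

            $cert | Select-Object `
                @{ Name = 'Store'; Expression = { $store } },
                Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey,
                @{ Name = 'Notes'; Expression = { $notes -join '; ' } }
        }
    }
}

# List everything, then only the entries that need attention.
Get-CertInventory | Format-List
Get-CertInventory | Where-Object { $_.Notes } | Format-Table Store, Subject, Notes -AutoSize
```

The Issuer column makes it easy to tell a certificate issued by the server's own CA from one issued by a public CA.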
 

Author Comment

by:RJ_Emmett
ID: 33480298
DMAZTER,

I followed the instructions you gave and used the wizard.  Now the GoDaddy cert shows up and I have secure access to the https://mail.domain.com/remote with no issues, but the https://mail.domain.com/owa blank screens out on me.  Subsequently, when I use RWW I can remote into a desktop with no problems.  However, when I click on "check email" it allows me in, but all items that would have some sort of icon have a red X on them.

It sounded like port 443 may not be open on the firewall/server, but I was able to telnet into it.

any other ideas?
0
 

Author Closing Comment

by:RJ_Emmett
ID: 33505082
This did the trick.
0
