Solved

Bindings in IIS for OWA cert

Posted on 2010-08-30
28
1,869 Views
Last Modified: 2013-04-19
How do I get my new cert to show up in the Site Bindings box for my SBS Web Applications? I have imported the cert but it does not show up when I right click and go to the edit Site Bindings for the https: 443 entry.
0
Comment
Question by:1Dingodog
  • 12
  • 9
  • 6
  • +1
28 Comments
 
LVL 4

Expert Comment

by:Zupreme
ID: 33561385
Please ensure that you have followed all steps outlined here: http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561386
What version of SBS ?
0
 

Author Comment

by:1Dingodog
ID: 33561400
SBS2008
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561408
Use this tool to manage your cert's and see current config.
www.u-btech.com/products/certificate-manager-for-exchange-2007.html
0
 

Author Comment

by:1Dingodog
ID: 33561655
thhe issue is that when I go to create the Bindings for the OWA, the new cert is not in the list of certs available. I have not been able to find a way to add the new cert to this list.
0
 

Author Comment

by:1Dingodog
ID: 33561690
my cert is not self assigned but one that comes from a CA (Starfield Secure Certfication Author), the only ones I see in the list are self assigned.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561713
That means you havent applied the CERT yet.
You can download your cert from starfield again and select where you want to apply that.
0
 

Author Comment

by:1Dingodog
ID: 33561738
I have imported the cert into the personal cert store and the trusted root store, so what do you mean by apply?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561757
0
 

Author Comment

by:1Dingodog
ID: 33561769
Do i have to remove the old cone from the Server Certificates in the local host before the new can be imported
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561774
When you import the new one the old one will be removed.
0
 

Author Comment

by:1Dingodog
ID: 33561877
The new cert does not come in after I go thru the import from the folder were it was downloaded, does the IIS site need to be stopped for it to import correctly. Sorry but I just inherited the exchange server and that is not my cup-o-tea.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561925
No worries.

Lets try it the other way.

a) Assuming you imported the cert.

Import-ExchangeCertificate -Path "c:\CertificateFile.crt"

b) Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP, IIS, POP, IMAP, UM"

http://technet.microsoft.com/en-us/library/bb851505.aspx#CreatingImportingandEnablingCertificates
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33561926
when you view the certificate do you have the private key assoicated with it

start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"

if that is missing, you must either generate a new certificate or re-export the certificate from the original source and ensure to include the private key
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561936
0
 

Author Comment

by:1Dingodog
ID: 33562192
I must be missing something, I can import the cert but when I view the cert there is no private key associated with it and when I go thru the steps to import, I am not asked to create or supply a key.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33562204
After you import the certificate

get-exchangecertificate | fl

use the thumbprint from that > copy paste into notepad

and then run this

Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP, IIS, POP, IMAP, UM"
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562225
you'll need to recreate the cert and import the new one
0
 

Author Comment

by:1Dingodog
ID: 33562289
This might sound stupid but from where am I importing the cert, and how do I assure it has a private key with it.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562311
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"
0
 

Author Comment

by:1Dingodog
ID: 33562330
when i went thru the mmc and checked there was no private key, should I be exporting from somewhere to add the private key or should it ask for me to create one on the import.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562383
it should be associated with the cert provided by the ca
if it doesn't exist you need to recreate the cert with a new request
0
 

Author Comment

by:1Dingodog
ID: 33571931
Tryint to use the Exchange Command shell to enable the cert but it tells me that the cert with thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx was not found, do i put the [ ] around the thumbprint or not.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33571944
no you dont need to put the []
if it wasnt found then you need to create a new cert and import it.
0
 

Author Comment

by:1Dingodog
ID: 33572021
took out the [ ] and it found it but then said it was not valid for exchange, so I am calling it a day and will resume this in the morning.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33572379
did you request a new certificate that includes the private key?
0
 

Author Comment

by:1Dingodog
ID: 33580778
yes the cert I am working with is the new one
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 250 total points
ID: 33580842
after you import the certificate verify that you have the private key
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now