Solved

Bindings in IIS for OWA cert

Posted on 2010-08-30
28
2,004 Views
Last Modified: 2013-04-19
How do I get my new cert to show up in the Site Bindings box for my SBS Web Applications? I have imported the cert but it does not show up when I right click and go to the edit Site Bindings for the https: 443 entry.
0
Comment
Question by:1Dingodog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 9
  • 6
  • +1
28 Comments
 
LVL 4

Expert Comment

by:Zupreme
ID: 33561385
Please ensure that you have followed all steps outlined here: http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561386
What version of SBS ?
0
 

Author Comment

by:1Dingodog
ID: 33561400
SBS2008
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561408
Use this tool to manage your cert's and see current config.
www.u-btech.com/products/certificate-manager-for-exchange-2007.html
0
 

Author Comment

by:1Dingodog
ID: 33561655
thhe issue is that when I go to create the Bindings for the OWA, the new cert is not in the list of certs available. I have not been able to find a way to add the new cert to this list.
0
 

Author Comment

by:1Dingodog
ID: 33561690
my cert is not self assigned but one that comes from a CA (Starfield Secure Certfication Author), the only ones I see in the list are self assigned.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561713
That means you havent applied the CERT yet.
You can download your cert from starfield again and select where you want to apply that.
0
 

Author Comment

by:1Dingodog
ID: 33561738
I have imported the cert into the personal cert store and the trusted root store, so what do you mean by apply?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561757
0
 

Author Comment

by:1Dingodog
ID: 33561769
Do i have to remove the old cone from the Server Certificates in the local host before the new can be imported
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561774
When you import the new one the old one will be removed.
0
 

Author Comment

by:1Dingodog
ID: 33561877
The new cert does not come in after I go thru the import from the folder were it was downloaded, does the IIS site need to be stopped for it to import correctly. Sorry but I just inherited the exchange server and that is not my cup-o-tea.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561925
No worries.

Lets try it the other way.

a) Assuming you imported the cert.

Import-ExchangeCertificate -Path "c:\CertificateFile.crt"

b) Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP, IIS, POP, IMAP, UM"

http://technet.microsoft.com/en-us/library/bb851505.aspx#CreatingImportingandEnablingCertificates
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33561926
when you view the certificate do you have the private key assoicated with it

start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"

if that is missing, you must either generate a new certificate or re-export the certificate from the original source and ensure to include the private key
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33561936
0
 

Author Comment

by:1Dingodog
ID: 33562192
I must be missing something, I can import the cert but when I view the cert there is no private key associated with it and when I go thru the steps to import, I am not asked to create or supply a key.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33562204
After you import the certificate

get-exchangecertificate | fl

use the thumbprint from that > copy paste into notepad

and then run this

Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP, IIS, POP, IMAP, UM"
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562225
you'll need to recreate the cert and import the new one
0
 

Author Comment

by:1Dingodog
ID: 33562289
This might sound stupid but from where am I importing the cert, and how do I assure it has a private key with it.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562311
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"
0
 

Author Comment

by:1Dingodog
ID: 33562330
when i went thru the mmc and checked there was no private key, should I be exporting from somewhere to add the private key or should it ask for me to create one on the import.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33562383
it should be associated with the cert provided by the ca
if it doesn't exist you need to recreate the cert with a new request
0
 

Author Comment

by:1Dingodog
ID: 33571931
Tryint to use the Exchange Command shell to enable the cert but it tells me that the cert with thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx was not found, do i put the [ ] around the thumbprint or not.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33571944
no you dont need to put the []
if it wasnt found then you need to create a new cert and import it.
0
 

Author Comment

by:1Dingodog
ID: 33572021
took out the [ ] and it found it but then said it was not valid for exchange, so I am calling it a day and will resume this in the morning.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33572379
did you request a new certificate that includes the private key?
0
 

Author Comment

by:1Dingodog
ID: 33580778
yes the cert I am working with is the new one
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 250 total points
ID: 33580842
after you import the certificate verify that you have the private key
start - run - type "mmc"
file - add/remove snap-in
add the certificates snap-in for the computer account
then expand certificates, personal, and select certificates
double-click the certificate you imported
at the bottom of the certificate information you should see "you have a private key that corresponds to this certificate"
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question