Solved

SBS2008 - The imported certificate does not match your website etc

Posted on 2010-09-03
20
3,822 Views
Last Modified: 2012-11-13
SBS2008 Server
I purchased a certificate from godaddy, but when I go to import the certificate it says "The imported certificate does not match your Web site. Verify that you selected the correct certificate file, and then try again"

My website in the SBS console is mail.mycompany.co.uk and mail.mycompany.co.uk is on the certificate as well?

Any thoughts?
0
Comment
Question by:unrealone1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 7
  • 2
  • +1
20 Comments
 

Expert Comment

by:Nordicit
ID: 33594814
First of all, did you generate the certificate request from IIS7 of the SBS2008?

What you have to do, is "Complete certificate request" in IIS7 on the SBS2008, and then point it to the file received/downloaded from Godaddy. As far as I remember, you can also pull these files from your Godaddy Control Panel.

If you have done all that, then pls give more elaborate info.

Brgds

Thomas
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33595491
Hi Thomas

I generated the certificate request in the SBS Console, uploaded certificate request to go godaddy, was authenticated. Then they sent me the certificates. I went back into the sbsconsole and attempted to import the certificate.

Is there anything else I need to do?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33595596
Did you either deliberately or accidentally include any illegal characters

http://technet.microsoft.com/en-us/library/cc546059%28WS.10%29.aspx 
Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters are [! @ # $ % ^ ( ) ~ ? > < &;; / \ , . " ']

The SBS wizard pulls company name exactly the way it was entered during initial setup and does not check or warn about these characters (ie. O'Reilly Inc.). A certificate generated from that CSR will fail to install with "The imported certificate does not match your Web site. Verify that you selected the correct certificate file, and then try again."
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 1

Author Comment

by:unrealone1
ID: 33595634
Hi there,

No I havent deliberately or accidently included any illegal characters.

I imported the .crt file godaddy emailed, but it fails to import. My website in the sbs console is mail.mycompany.co.uk and the certificate has mail.mycompany.co.uk.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 33597318
Simply repeat the process.
Regenerate a CSR using the "add trusted certificate" wizard.
Go to Godaddy and use their interface to "rekey" the certificate you purchased, and then use the "add trusted certificate wizard" to add the certificate.
For a certificate to be properly imported, not only must the name match, but the private key must match the public key (otherwise IIS can't decrypt data that browsers send it encrypted with the public key!) and the wizard checks to make sure this pairing works before completing the import. Either the private key was changed after he CSR was submitted (this would happen if you ran the wizard again and generaed another CSR and didn't submit it) or there was corruption when the private key was saved.
Either way, the cause is a relatively minor one. You simply generate a new CSR which will also generate and save a new private key. And then GoDaddy will give you a new public key (rekeying an existing cert is free) and then the wizard can make the pairing and will be happy.
-Cliff
 
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33597353
Do what cliff says :)
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33598107
@ cgaliher

I just ran the add certificate wizard, recreated CSR - went to godaddy and used the rekey option, saved it - I then downloaded the new certificate (exchange2007, this right?)
Imported that into the sbs console, but it comes up with the same error?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33601554
When you are requesting the certificate from godaddy you need to request iis cert not exchange cert
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 33605096
Use the "add certificate wizard" to complete the process of installing the certificate after you've downloaded it. It sounds like you are trying to import the certificate directly.
-Cliff
 
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33612293
Thanks for your help with this guys.

@aoakeley, reran the add certificate wizard, rekeyed the CSR into godaddy again and downloaded the certificate for iis6 (thats whats installing on my sbs2008 server). Attempted to import it and again, I get the same error.

@cqaliher, Yeah I am using the add certificate wizard. I download it to my desktop first and unzip the folder its in.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33614199
Your SBS Server is uising iis7. Please use that one

Andy
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33615784
Ok, I tried the IIS7 as well that doesnt work, the reason I tried IIS6 is because If I go into administrative tools > (I have) Internet Information Services (IIS) 6.0 Manager.

Sorry but I have only just been informed from someone else whos also involved with this server.  He has said that sharepoint was uninstalled recently?? Is this reason why its not working?
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33615986
I am not sure what has happened, but I should have IIS7 and sharepoint installed shouldn't I?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33616005
Yes... if you do not have iis7 and sharepoint you probably have bigger issues....

Exchange OWA and lots of other things (including exchange itself) will not work without IIS7.
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33616147
I am sorry I have wasted your time - I didnt realise it was in this state.

Installing IIS7 and sharepoint, whats the best way to go about this?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33616207
To get SBS back into a consistent state after this you are looking at a reinstall.

Are you sure IIS7 is uninstalled? I am fairly sure the SBS Console breaks if you uninstall IIS7? and I would not have though you would be able to generate the certificate request

what happens if you (on the server) do http://servername/ if IIS7 is installed you should get a image like the one below

Andy
iis7.png
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33616306
I get this error, when I type my servername in. Please see attached image.
ERROR.jpg
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 33616370
So iis7 is installed... that's good.

I suggest you spend some time having a look at the server and understanding what is there and what is not.

This will walk you through re-installing Sharepoint. But make sure you have a good backup and know how to restore before you start (note some of the comments saying it killed the server)
http://technet.microsoft.com/en-us/library/dd548327%28WS.10%29.aspx 

You may be better off creating the certificate request manually and installing the certificate manually using the IIS7 console. GoDaddy provides instructions on their website for doing this. and then once successfully installed on the sever then try to use the SBS console to allocate to the websites. If this still does not work (and it might not if sharepoint has been uninstalled) you can manually allocate to the sites you want to secure.

But first, establish state of server, ask if anything else funky has ben done to it or investigate for yourself.
0
 
LVL 1

Author Comment

by:unrealone1
ID: 33756992
Thanks for all your help - we've come to a conclusion to wipe and start from scratch.
0
 
LVL 1

Author Closing Comment

by:unrealone1
ID: 33756996
Thank you
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question