Solved

Problem installing renewed SSL Cert SBS2008

Posted on 2010-09-08
4
1,706 Views
Last Modified: 2012-05-10
I renewed our SSL cert with GoDaddy. During the renewal process GoDaddy gave me the option of just re-using the information from our last cert which I did (autofilled the fingerprint). I only got a single cert for remote.mydomain.com. The cert is for IIS7

I removed the expired cert and installed the gb_iis_interidiate.p7b cert in the intermediate repository using mmc with no problems.

I have not been able to install the remote.mydomain.com.crt however. The instructions I have been following are for SBS2008 and require using the SBS console wizard to complete the installation. The certificate was not initially showing up as an option in the wizard. I manually installed it in the personal cert store and then was able to select it however the installation fails. I get an error saying "The imported cert does not match your web site". I also get an error (something about bad tag) if I try to import the cert through the IIS console.

I am wondering if the auto generated info provided by GoDaddy might be the problem. Perhaps I should have just generated an entirely new certificate request.

Any ideas how to proceed?
0
Comment
Question by:pmckenna11
  • 2
4 Comments
 
LVL 6

Expert Comment

by:M. Rashel Ahmed
ID: 33634247
You need to remove the faulty certificate. Then recreate a new CSR and send it to godaddy to generate the certificate for you. After installing the new certificate, everything will be back to normal. It is very easy to have problem with the certificate renewal if the vendor doesn't do it properly.

enjoy!
0
 
LVL 2

Author Comment

by:pmckenna11
ID: 33637865
I orginally only ordered remote.mydomain.com. What other domains should be inlcuded in a properly configured cert? I seem to remember autodiscover.mydomain.com, servername.mydomain.com, but am not sure what a complete list would be
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 33638975
You only need remote.
And, since you have already renewed, adding the other domains would cost money. You can do this for free. Use the SBS add trusted certificate wizard to generate a new CSR.
Go to Godaddy and use the "rekey" option to submit the new CSR.
Then use the SBS "add trusted certificate wizard" again to add the certificate that Godaddy sends you.
This process will be completely free and will get the certificate added the right way with a matching private key. You should not need o re-add the intermediate certificate since you've already done that step.
-Cliff
 
0
 
LVL 2

Author Closing Comment

by:pmckenna11
ID: 33668350
Didn't realize rekeying was an option. Worked perfectly
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now