W2k8 R2 DC can't accept cert

I am trying to get my Windows 2008 R2 DC to accept an SSL certificate. I ran the following command:

certreq -accept certnew.cer

I then get the following message:

DecodeFile returned 0x80070002 (WIN32: 2)
Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2)

Am I doing something wrong? Trying to get LDAPS working with a 3rd party UCC Certificate.
Greg27 Asked:

wkcarlson Commented:
Did you actually generate the SSL certificate 'certnew.cer' and is it in the same directory as the certreq command?
0
Greg27 Author Commented:
Yes on both accounts. I even entered the command:

certreq -accept C:\Users\user1\Desktop\certnew.cer

which contains the fully qualified path to the cert, but it still generates the same error.
0
wkcarlson Commented:
And are you running the certreq command with administrator privileges?
0
Greg27 Author Commented:
Yes. Am I missing something basic? Should I have the file sitting somewhere other than my desktop?
0
wkcarlson Commented:
Watch the step three screen cast and see if that cures what ails you.

http://www.netometer.com/video/tutorials/godaddy-add-trusted-certificate-sbs-2008/
0
Greg27 Author Commented:
I went to the link and selected step 3, but it will not show the video unless I sign up for about $30.
0
wkcarlson Commented:
Very strange!  Try adding the certificate via the Certificates snap-in in the Windows MMC.
0
Greg27 Author Commented:
Do I import from the "Trusted Root Certification Authorities" or the "Personal" Certificates folder? I tried from the "Trusted Root Certification Authorities" folder, but it looks like it wants a file with a .crt extension instead of a .cer extension.
0
wkcarlson Commented:
Trusted Root Certificate Authorities would be from someone like Verisign or GoDaddy.  I believe you will want to use the personal certificates wizard to get the job done here since it is a self-signed certificate.
0
Greg27 Author Commented:
It's actually a certificate from GoDaddy.
0
wkcarlson Commented:
Ah, that's helpful to know.  Here is a FREE link that should walk you through all of the steps quite nicely.  http://www.bunkerhollow.com/blogs/matt/archive/2008/06/05/install-a-godaddy-ssl-certificate-on-iis-7.aspx
0
Greg27 Author Commented:
Since this is for Active Directory and not IIS, will this link still work?
0
wkcarlson Commented:
Do you currently have the Active Directory Certificate Services role installed on your server?
0
Greg27 Author Commented:
To generate a certificate?
0
wkcarlson Commented:
It is under the Personal certificates that you should see your certificate in the MMC
0
Greg27 Author Commented:
Do I need Active Directory Certificate Services to use a 3rd party certificate for LDAPS?
0
wkcarlson Commented:
No, you don't need AD CS.  I'm crossing up my posts here.  There's another one with a self-signed.  You should be good to go with your third party certificate.
0
Greg27 Author Commented:
If I try to import into the Personal folder, it still wants to add the .crt extension on.
0
Greg27 Author Commented:
So, everything that I read tells me to create a cert file named certnew.cer, but the Certificates MMC wants a file with an extension of .crt. Am I possibly missing a step to get the .cer file to a .crt?
0
wkcarlson Commented:
.cer is correct.  Did you put the .cer file in the same folder as the request file?  Also, when you copied and pasted the third party certificate, did you include EVERYTHING, or did you cut the strange bits at the first and end?  Usually there are slashes or dead space in them, but you have to copy EVERYTHING.  You also have to be sure and use a plain text editor.  No wordpad, and definitely no Word.
0
Greg27 Author Commented:
I think I just copied the .cer file they sent me. I don't recall opening it up and copying anything.
0
Greg27 Author Commented:
The request file is on the desktop as well.
0
wkcarlson Commented:
I'm not sure what walkthrough you are using, but here is one direct from Microsoft...  http://support.microsoft.com/kb/321051
0

Greg27 Author Commented:
I am still dealing with the fact that even if I try to import the cert using the mmc, it still says it can't find the file. ????
0
Greg27 Author Commented:
The link you sent me from Microsoft is the one I used. When I get to entering the command:

certreq -accept certnew.cer

it tells me the following:

DecodeFile returned 0x80070002 (WIN32: 2)
Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2)

I am not sure what "The system cannot find the file specified" means as I have qualified the path to the cert and rechecked the name. If I look at help for the command certreq I see the format is:

------------

CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]
  Accept and install a response to a previous new request.

Options:
  -user
  -machine

-------------

Do I need to do something with the certnew.cer file before running the command?

I did try double clicking on the certificate and installing it that way, but I still don't see my specific cert listed. I do however see the following new cert listed under "Trusted Root Certification Authorities" -> "Certificates": "Go Daddy Class 2 Certification Authority". It also shows up under "Third-Party Root Certification Authorities" -> "Certificates".
0
Greg27 Author Commented:
wkcarlson, I just found out my actual problem. I now feel foolish. I thought I had unchecked the "Hide extensions for known file types", but apparently, Windows 2008 or 2008 R2 has added another hide option "Hide empty drives in the Computer Folder", so my certnew.cer file was actually named certnew.cer.crt. So, I was able to accept the certificate once I changed the extension. I wanted to give you credit for hanging with me and giving me good instructions on setting it up.
0
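
The cause found in the post above (certnew.cer was really certnew.cer.crt on disk) can be checked from PowerShell, which lists real file names regardless of Explorer's display settings. This is an added example, not part of the original thread; the Desktop folder and the "certnew" base name are assumptions taken from the paths mentioned in the posts.

```powershell
# Added example (not from the thread). Assumed defaults: the Desktop folder and
# the base name "certnew" used in the posts; pass your own values as needed.
param(
    [string]$Folder   = "$env:USERPROFILE\Desktop",
    [string]$BaseName = 'certnew'
)

$certExts = '.cer', '.crt'
$x509Type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

# Get-ChildItem returns the real on-disk names; Explorer's "hide extensions"
# setting has no effect here.
$files = Get-ChildItem -Path $Folder -Filter "$BaseName*" |
    Where-Object { -not $_.PSIsContainer }
if (-not $files) { "No file starting with '$BaseName' in $Folder"; return }

$report = foreach ($f in $files) {
    # For "certnew.cer.crt": outer extension ".crt", inner extension ".cer".
    $innerExt = [IO.Path]::GetExtension([IO.Path]::GetFileNameWithoutExtension($f.Name))
    $double   = ($certExts -contains $innerExt) -and ($certExts -contains $f.Extension)

    # Parse the file so the request file or a text note is not mistaken for
    # the issued certificate; Subject/Issuer show which certificate it is.
    try {
        $cert    = New-Object $x509Type -ArgumentList $f.FullName -ErrorAction Stop
        $subject = $cert.Subject
        $issuer  = $cert.Issuer
    } catch {
        $subject = '<not a parsable X.509 certificate>'
        $issuer  = $null
    }

    New-Object PSObject -Property @{
        FullName        = $f.FullName
        DoubleExtension = $double
        Subject         = $subject
        Issuer          = $issuer
    }
}

$report | Select-Object FullName, DoubleExtension, Subject, Issuer | Format-List

# Print (do not run) the accept command with the exact on-disk path for each
# file that parsed as a certificate.
foreach ($r in ($report | Where-Object { $_.Issuer })) {
    'certreq -accept "{0}"' -f $r.FullName
}
```

A row with DoubleExtension set to True is the situation described in the thread: either rename the file or pass the full name exactly as listed.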
Greg27 Author Commented:
wkcarlson, not sure if you know, but once I get the cert installed, do I need to reboot the server to connect via LDAPS or should it just work?
0