W2k8 R2 DC can't accept cert

I am trying to get my Windows 2008 R2 DC to accept an SSL certificate. I ran the following command:

certreq -accept certnew.cer

I then get the following message:

DecodeFile returned 0x80070002 (WIN32: 2)
Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2)

Am I doing something wrong? Trying to get LDAPS working with a 3rd party UCC Certificate.
Greg27 Asked:

wkcarlson Commented:
I'm not sure what walkthrough you are using, but here is one direct from Microsoft...  http://support.microsoft.com/kb/321051

wkcarlson Commented:
Did you actually generate the SSL certificate 'certnew.cer' and is it in the same directory as the certreq command?

Greg27 Author Commented:
Yes on both accounts. I even entered the command:

certreq -accept C:\Users\user1\Desktop\certnew.cer

which contains the fully qualified path to the cert, but it still generates the same error.

wkcarlson Commented:
And are you running the certreq command with administrator privileges?

Greg27 Author Commented:
Yes. Am I missing something basic? Should I have the file sitting somewhere other than my desktop?

wkcarlson Commented:
Watch the step three screen cast and see if that cures what ails you.

http://www.netometer.com/video/tutorials/godaddy-add-trusted-certificate-sbs-2008/

Greg27 Author Commented:
I went to the link and selected step 3, but it will not show the video unless I sign up for about $30.

wkcarlson Commented:
Very strange!  Try adding the certificate via the Certificates snap-in in the Windows MMC.

Greg27 Author Commented:
Do I import from the "Trusted Root Certification Authorities" or the "Personal" Certificates folder? I tried from the "Trusted Root Certification Authorities" folder, but it looks like it wants a file with a .crt extension instead of a .cer extension.

wkcarlson Commented:
Trusted Root Certificate Authorities would be from someone like Verisign or GoDaddy.  I believe you will want to use the personal certificates wizard to get the job done here since it is a self-signed certificate.

Greg27 Author Commented:
It's actually a certificate from GoDaddy.

wkcarlson Commented:
Ah, that's helpful to know.  Here is a FREE link that should walk you through all of the steps quite nicely.  http://www.bunkerhollow.com/blogs/matt/archive/2008/06/05/install-a-godaddy-ssl-certificate-on-iis-7.aspx

Greg27 Author Commented:
Since this is for Active Directory and not IIS, will this link still work?

wkcarlson Commented:
Do you currently have the Active Directory Certificate Services role installed on your server?

Greg27 Author Commented:
To generate a certificate?

wkcarlson Commented:
It is under the Personal certificates that you should see your certificate in the MMC

Greg27 Author Commented:
Do I need Active Directory Certificate Services to use a 3rd party certificate for LDAPS?

wkcarlson Commented:
No, you don't need AD CS.  I'm crossing up my posts here.  There's another one with a self-signed.  You should be good to go with your third party certificate.

Greg27 Author Commented:
If I try to import into the Personal folder, it still wants to add the .crt extension on.

Greg27 Author Commented:
So, everything that I read tells me to create a cert file named certnew.cer, but the Certificates MMC wants a file with an extension of .crt. Am I possibly missing a step to get the .cer file to a .crt?

wkcarlson Commented:
.cer is correct.  Did you put the .cer file in the same folder as the request file?  Also, when you copied and pasted the third party certificate, did you include EVERYTHING, or did you cut the strange bits at the first and end?  Usually there are slashes or dead space in them, but you have to copy EVERYTHING.  You also have to be sure and use a plain text editor.  No wordpad, and definitely no Word.

Greg27 Author Commented:
I think I just copied the .cer file they sent me. I don't recall opening it up and copying anything.

Greg27 Author Commented:
The request file is on the desktop as well.

Greg27 Author Commented:
I am still dealing with the fact that even if I try to import the cert using the mmc, it still says it can't find the file. ????

Greg27 Author Commented:
The link you sent me from Microsoft is the one I used. When I get to entering the command:

certreq -accept certnew.cer

it tells me the following:

DecodeFile returned 0x80070002 (WIN32: 2)
Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2)

I am not sure what "The system cannot find the file specified" means as I have qualified the path to the cert and rechecked the name. If I look at help for the command certreq I see the format is:

------------

CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]
  Accept and install a response to a previous new request.

Options:
  -user
  -machine

-------------

Do I need to do something with the certnew.cer file before running the command?

I did try double clicking on the certificate and installing it that way, but I still don't see my specific cert listed. I do however see the following new cert listed under "Trusted Root Certification Authorities" -> "Certificates": "Go Daddy Class 2 Certification Authority". It also shows up under "Third-Party Root Certification Authorities" -> "Certificates".

Greg27 Author Commented:
wkcarlson, I just found out my actual problem. I now feel foolish. I thought I had unchecked the "Hide extensions for known file types", but apparently, Windows 2008 or 2008 R2 has added another hide option "Hide empty drives in the Computer Folder", so my certnew.cer file was actually named certnew.cer.crt. So, I was able to accept the certificate once I changed the extension. I wanted to give you credit for hanging with me and giving me good instructions on setting it up.

Greg27 Author Commented:
wkcarlson, not sure if you know, but once I get the cert installed, do I need to reboot the server to connect via LDAPS or should it just work?
Question has a verified solution.
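
The cause found in this thread (a file really named certnew.cer.crt while Explorer hid the last extension) can be checked from the shell before running certreq. The PowerShell below is an added example, not part of the original thread. The folder and file name are the ones quoted above; the function names and the post-install checks (private key present, Server Authentication EKU) are this example's assumptions about what is worth confirming for an LDAPS certificate.

```powershell
# Added example. Folder and file name are the ones quoted in the thread.
$folder   = 'C:\Users\user1\Desktop'
$expected = 'certnew.cer'

# Show the real on-disk names. Explorer may hide the last extension;
# the file system provider never does.
function Find-CertResponse {
    param([string]$Folder, [string]$Expected)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Expected)
    Get-ChildItem -Path $Folder -Filter "$base*" |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object Name, Extension, Length, FullName
}

# Summarize the Local Computer "Personal" store after the accept step.
function Get-MachineCertSummary {
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekus += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # False: request and response were not paired
            ServerAuthEku = ($ekus -contains $serverAuthOid)
        }
    }
}

$found = @(Find-CertResponse -Folder $folder -Expected $expected)
$found | Format-Table Name, Extension, Length -AutoSize

$exact = $found | Where-Object { $_.Name -eq $expected }
if (-not $exact) {
    # This is the condition behind 0x80070002 in the thread.
    Write-Warning "No file is literally named '$expected'. Rename it or pass its real name."
} else {
    & certreq.exe -accept $exact.FullName
    if ($LASTEXITCODE -eq 0) { Get-MachineCertSummary | Format-List }
}
```

Run it from an elevated prompt on the domain controller. A listing that shows `certnew.cer.crt` instead of `certnew.cer` reproduces the situation described in the accepted solution.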