Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2597
  • Last Modified:

SSL Certificate Import in SBS 2011

I am doing a migration from SBS 2003 to 2011. I have followed the MS instructions to export my trusted SSL certificate from the old server and copied it to the new one.
If I browse to the Computer Personal Certificate store I can see the certificate in there, however when I run the Add a Trusted Certificate Wizard and browse for certificates it does not appear in the list.
Any ideas?
0
nealerocks
Asked:
nealerocks
  • 5
  • 3
1 Solution
 
Cliff GaliherCommented:
Exporting and importing is tricky. You have to get the private key, get it in the right store, get the system *exactly* as expected for the wizards. Time consuming and error prone. Skip it. Use the certificate to generate a new CSR (and, by proxy, private key), then use the "rekey" option of your public CA to generate a new certificate. Rekeying is free, as far as SBS is concerned, you used the wizards as intended, and it is almost foolproof for a successful cert. Much better than the export/import game.

-Cliff
0
 
nealerocksAuthor Commented:
Thanks for the suggestion. I will give this a go tomorrow.
0
 
nealerocksAuthor Commented:
I generated a new CSR request and rekeyed my certificate but it still doesn't appear in my Add a trusted certificate wizard.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Cliff GaliherCommented:
HOW did you generate the new CSR?
0
 
nealerocksAuthor Commented:
I used the new exchange certificate from the exchange 2010 management console
0
 
Cliff GaliherCommented:
No. Stick to the SBS wizard. Use the add trusted certificate wizard to generate the CSR (the first option in the wizard) then rekey with that CSR, then rerun the wizard to import the cert (the second option in the wizard.) it is designed to be run twice and manages properly pairing public and private keys. By skipping the first run during the CSR phase, you are just confusing the wizard.

-Cliff
0
 
nealerocksAuthor Commented:
I managed to get around it by installing it directly into exchange rather than the wizard.
0
 
nealerocksAuthor Commented:
Figured it out myself.
Thanks for the suggestions.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now