McSnoogins1
asked on
SSL Certificate Missing Private Key
I've just bought an SSL certificate for my exchange 2007 server from 123-reg. I was given instructions as to how to import the certificate. When I was requesting it I used an online form to create the CSR and typed in the private key. I've imported the certificate but when i try to enable it I get an error back saying CertificateNotValidForExch angeExcept ion and that the private key is missing. I've contacted 123-reg and pretty much been told they provided the cert and they don't care what happens after.
Can someone tell me what I need to do to get this working so I can use my outlook anywhere?
Guide from 123-reg below:
Thank you for contacting 123-reg on the 20th March 2014.
Please use the below link to install your certificate on Microsoft Exchange 2007:
https://support.globalsign.com/customer/portal/articles/1226878-install-certificate---microsoft-exchange-2007
You will need an intermediate SSL certificate which can be found on the below support article:
Where can I obtain an Intermediate Root CA Certificate for my SSL Certificate?
If we can be of any further help with regard to this or any other matter, please do not hesitate to contact us.
Kind Regards
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
Can someone tell me what I need to do to get this working so I can use my outlook anywhere?
Guide from 123-reg below:
Thank you for contacting 123-reg on the 20th March 2014.
Please use the below link to install your certificate on Microsoft Exchange 2007:
https://support.globalsign.com/customer/portal/articles/1226878-install-certificate---microsoft-exchange-2007
You will need an intermediate SSL certificate which can be found on the below support article:
Where can I obtain an Intermediate Root CA Certificate for my SSL Certificate?
If we can be of any further help with regard to this or any other matter, please do not hesitate to contact us.
Kind Regards
--------------------------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
use that file and go to your computer where the request was generated:
run mmc.exe
Add remove snap in
Certificates
Computer account
Local computer
Expand the certificates folder and go to Personal - then to certificates
Right click and go to tasks import
then point to and import the crt file you saved above.
once done refresh that window and look for the cert you just imported double click and go to the details tab and copy the serial number then run the below command from an elevated command prompt
certutil –repairstore my <serial number from step above>
In order for this to work:
You MUST run this from the computer you originally requested the cert from
You MUST import the certificate first using the steps above.
run mmc.exe
Add remove snap in
Certificates
Computer account
Local computer
Expand the certificates folder and go to Personal - then to certificates
Right click and go to tasks import
then point to and import the crt file you saved above.
once done refresh that window and look for the cert you just imported double click and go to the details tab and copy the serial number then run the below command from an elevated command prompt
certutil –repairstore my <serial number from step above>
In order for this to work:
You MUST run this from the computer you originally requested the cert from
You MUST import the certificate first using the steps above.
You will need to save it as .cer and then you can follow the process I highlighted earlier.
Regards
Regards
There is no need to rename windows can and will recognize both formats *.cer and *.crt
ASKER
I didn't request it from the server, i did it using an online form at 123-reg to create the CSR. Do i need to have it re-done and request it from my server?
I don;t understand why the private key isnt included? Is it just that 123-reg have done a rubbish job of it?
I don;t understand why the private key isnt included? Is it just that 123-reg have done a rubbish job of it?
ok so looking at their website it seems they send you both the public and private key by email can you confirm ?
If it is the case that you got both the key and the crt file then simply get openssl and run the command below:
openssl pkcs12 -export -in my.crt -inkey my.key -out mycert.pfx
With this pfx (which now contains the private key) you can import to any server
You can get openssl here:
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl pkcs12 -export -in my.crt -inkey my.key -out mycert.pfx
With this pfx (which now contains the private key) you can import to any server
You can get openssl here:
http://gnuwin32.sourceforge.net/packages/openssl.htm
ASKER
They sent me my "Your Intermediate Certificate" which installed on the server no bother and my "SSL Certificate" which is what I'm having trouble with. I'm getting the impression I have less of an idea about this than I thought I did.
E-mail included below (I've removed some of the cert characters for security)
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
Dear Chris,
Great news! Your SSL certificate has been issued and is now active.
-------------------------- ---------- ---------- -
Certificate details
Product type: 123-SSL
Domain: remote.revolutionaryit.co. uk
Valid for: 1years
-------------------------- ---------- ---------- -
What happens now?
You will now need to manually install your SSL certificate by following the instructions below.
Please note: Your SSL and intermediate certificates can found at the bottom of this email. Both certificates must be installed on your server.
-------------------------- ---------- ---------- -
Installation Guide
1) Using a text editor, copy the intermediate ctext from the bottom of this email, (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and Save As gs_intermediate_ca.crt on your server desktop.
2) Using a text editor, copy the SSL certificate text, from the bottom of this email (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and Save As yourdomain.crt on your
server desktop.
3) For instructions on installing your certificate on your web server (different methods are required, depending on your web server and SSL certificate type) and information on backing up your certificate and private key, please see the following link: http://www.123-reg.co.uk/support/category/SSL-Certificates
-------------------------- ---------- ---------- -
Getting help
If you need any help, please visit our support site. There you will find useful guides and answers to common queries. You can also use the Ask a question option which sends a query email to our expert support staff.
All the best,
The 123-reg team
www.123-reg.co.uk
-------------------------- ---------- ---------- -
MUST BE INSTALLED ON YOUR WEB SERVER:
Your Intermediate Certificate
-----BEGIN CERTIFICATE----- MIIELzCCAxegAwIBAgILBAAAAA ABL07hNwIw DQYJKoZIhv cNAQEFBQAw VzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEE dsb2JhbFNp Z24gbnYtc2 ExEDAOBgNV BAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2 JhbFNpZ24g Um9vdCBDQT AeFw0xMTA0 MTMxMDAw MDBaFw0yMjA0MTMxMDAwMDBaMC 4xETAPBgNV BAoTCEFscG hhU1NMMRkw FwYDVQQD ExBBbHBoYVNTTCBDQSAtIEcyMI IBIjANBgkq hkiG9w0BAQ EFAAOCAQ8A MIIBCgKC AQEAw/BliN8b3caChy/JC7pUxm M/RnWsSxQf mHKLHBD/Ca lSbi9l32WE P1+Bstjx T9fwWrvJr9Ax3SZGKpme2Kmjtr gHxMlx95WE 79LqH1Sg5b 7kQSFWMRBk fR5jjpxx XDygLt5n3MiaIPB1yLC2J4Hrlw 3uIkWlwi80 J+zgWRJRsx 4F5Tgg0mlZ elkXvhpL OQgSeTObZGj+WIHdiAxqulm0ry RPYeDK/Bda 0jxyq6dMt7 nqLeP0P5mi TcgdWPh/ UzWO1yKIt2F2CBMTaWawV1kTMQ pwgiuT1/bi QBXQHQFyxx NYalrsGYkW PODIjYYq +jfwNTLd7OX+gI73BWe0i0J1NQ IDAQABo4IB IzCCAR8wDg YDVR0PAQH/ BAQDAgEG MBIGA1UdEwEB/wQIMAYBAf8CAQ AwHQYDVR0O BBYEFBTqGV XwDg0yxh90 M7eOZhpM EjEeMEUGA1UdIAQ+MDwwOgYEVR 0gADAyMDAG CCsGAQUFBw IBFiRodHRw czovL3d3 dy5hbHBoYXNzbC5jb20vcmVwb3 NpdG9yeS8w MwYDVR0fBC wwKjAooCag JIYiaHR0 cDovL2NybC5nbG9iYWxzaWduLm 5ldC9yb290 LmNybDA9Bg grBgEFBQcB AQQxMC8w LQYIKwYBBQUHMAGGIWh0dHA6Ly 9vY3NwLmds b2JhbHNpZ2 4uY29tL3Jv b3RyMTAf AQEABjBCm89JAn6J6fWDWj0C87 yyRt5KUO65 mpBz2qBcJs qCrA6ts5T6 KC6y5kk/ UHcOlS9o82U8nxTyaGCStvwEDf akGKFpYA3j nWhbvJ4LOF mNIdoj+pmK Cbkfpy61 VWxH50Hs5uJ/r1VEOeCsdO5l0/ qrUUgw8T53 be3kD0CY7k d/jbZYJ82S b2AjzAKb WSh4olGd0Eqc5ZNemI/L7z/K/u CvpMlbbkBY pZItvV1lVc W/fARB2aS1 gOmUYAIQ OGoICNdTHC2Tr8kTe9RsxDrE+4 CsuzpOVHrN TrM+7fH8EU 6f9fMUvLmx Mc72qi+l +MPpZqmyIJ3E+LgDYqeF0RhjWw == -----END CERTIFICATE-----
Your SSL Certificate (Formatted for the majority of web server software including IIS and Apache based servers):
-----BEGIN CERTIFICATE----- MIIEwjCCA6qgAwIBAgISESEX09 ZVexI+WhuP uogKO1GtMA 0GCSqGSIb3 DQEBBQUA MC4xETAPBgNVBAoTCEFscGhhU1 NMMRkwFwYD VQQDExBBbH BoYVNTTCBD QSAtIEcy MB4XDTE0MDMyMDA5MTQzNVoXDT E1MDMyMTA5 MTQzNVowVz ELMAkGA1UE BhMCR0Ix ITAfBgNVBAsTGERvbWFpbiBDb2 50cm9sIFZh bGlkYXRlZD ElMCMGA1UE AwwccmVt b3RlLnJldm9sdXRpb25hcnlpdC 5jby51azCC ASIwDQYJKo ZIhvcNAQEB BQADggEP ADCCAQoCggEBALxpwyUtqu5b8j g/tbn8S98/ beBU1wgKAC bSyuDRKBRy nw7XxQDa dpciyGRWbqJ/hEMZP8Dzm5ZhTH YN9UHVCCsZ /Ao3SZW5wF rbj/M12mcA coJwaeRS asaubETJX6NTK4yyanh0XzC57L He2kPGqLka Bnc5qt7uul f02nUqrsZE IcfuuUdh TKwqu1DxGDSiTjgGR7J/SMqGdR kwdYj8lCv7 omj/l8NQhL V2zkBkHzXc Rey0jGOo 7sDZ34GXJgOsilpI66JybKlR/+ XU/ZEwRZXF W0YqfNqczt dsAJtviRQ8 PbLDHwQB zCPa1t3FDNGwYY9/xbX2eRx3cj B44uaeV9sC AwEAAaOCAa 8wggGrMA4G A1UdDwEB /wQEAwIFoDBJBgNVHSAEQjBAMD 4GBmeBDAEC ATA0MDIGCC sGAQUFBwIB FiZodHRw czovL3d3dy5nbG9iYWxzaWduLm NvbS9yZXBv c2l0b3J5Lz AnBgNVHREE IDAeghxy ZW1vdGUucmV2b2x1dGlvbmFyeW l0LmNvLnVr MAkGA1UdEw QCMAAwHQYD VR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBw MCMDoGA1Ud HwQzMDEwL6 AtoCuGKWh0 dHA6Ly9j cmwyLmFscGhhc3NsLmNvbS9ncy 9nc2FscGhh ZzIuY3JsMH 8GCCsGAQUF BwEBBHMw Vy dC9nc2FscGhhZzIuY3J0MDEGCC sGAQUFBzAB hiVodHRwOi 8vb2NzcDIu Z2xvYmFs c2lnbi5jb20vZ3NhbHBoYWcyMB 0GA1UdDgQW BBStn+dYjP naYYXJRiEc 9cXCKkLi 0zAfBgNVHSMEGDAWgBQU6hlV8A 4NMsYfdDO3 jmYaTBIxHj ANBgkqhkiG 9w0BAQUF AAOCAQEAWJfZOePvbs//+sr3US Eb6hZA0QvJ k5SHwT09M3 jAG8+Xc92m T4BxIdp2 y1qckyZe5y8zYjOenMiKpuob59 sFLD1OfxOK sM26WRoHj8 d94f40DPe/ CJcCJmin 6RnRtcIJG0GNSydibUABRCrO0o x0hbOu+frg sdUu16/TFL kjiG+22yzf b8KEGPxK ytfAK9XAt0RcWuzYtNbXQkPSJM 7UkMcmuisx zFzm/Zs7eJ uSwQairs2E oh2RMs77 L0JxAWY0h4eyMAVdWjbQZQaQy9 dzCkIjt18H 64P0zCizCN 1QB7g3oVky cg+r9hMd vgfiTRZIq6YOFEiAju82Egu/7H Y8hA== -----END CERTIFICATE-----
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
This is all i got, no attachments or anything else. If I go to cpanel in my hosting I can download the cert which just displays the SSL as above on a new page.
Can you tell me what to do with what I have or if I'm missing something?
E-mail included below (I've removed some of the cert characters for security)
--------------------------
Dear Chris,
Great news! Your SSL certificate has been issued and is now active.
--------------------------
Certificate details
Product type: 123-SSL
Domain: remote.revolutionaryit.co.
Valid for: 1years
--------------------------
What happens now?
You will now need to manually install your SSL certificate by following the instructions below.
Please note: Your SSL and intermediate certificates can found at the bottom of this email. Both certificates must be installed on your server.
--------------------------
Installation Guide
1) Using a text editor, copy the intermediate ctext from the bottom of this email, (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and Save As gs_intermediate_ca.crt on your server desktop.
2) Using a text editor, copy the SSL certificate text, from the bottom of this email (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and Save As yourdomain.crt on your
server desktop.
3) For instructions on installing your certificate on your web server (different methods are required, depending on your web server and SSL certificate type) and information on backing up your certificate and private key, please see the following link: http://www.123-reg.co.uk/support/category/SSL-Certificates
--------------------------
Getting help
If you need any help, please visit our support site. There you will find useful guides and answers to common queries. You can also use the Ask a question option which sends a query email to our expert support staff.
All the best,
The 123-reg team
www.123-reg.co.uk
--------------------------
MUST BE INSTALLED ON YOUR WEB SERVER:
Your Intermediate Certificate
-----BEGIN CERTIFICATE----- MIIELzCCAxegAwIBAgILBAAAAA
Your SSL Certificate (Formatted for the majority of web server software including IIS and Apache based servers):
-----BEGIN CERTIFICATE----- MIIEwjCCA6qgAwIBAgISESEX09
--------------------------
This is all i got, no attachments or anything else. If I go to cpanel in my hosting I can download the cert which just displays the SSL as above on a new page.
Can you tell me what to do with what I have or if I'm missing something?
ASKER
It seems I'm missing a .key file. Is that right? Can I create it myself or do I need to to be generated on the same machine that created the certificate?
You can have them email it to you since it seems the key pair end to end was created on their side.
ASKER
Thank you, I have told them I am missing it. I'll come back once I have it.
ASKER
I've just generated a new CSR from my server and sent it to them for the certificate to be re-issued. At no point though did the server ask me to type in a passphrase though and I'm pretty sure I'm going to be in the same situation as I am now once they send through only the cert. I'll keep you posted
ASKER
All working, it seems that generating the CSR using their form is pointless as you don't get the private key from them. I did it again from my own server and everything works as it should now
They should really fix that process, why sell you only the public portion of the key :-(
Their site very clearly says you should get the CSR the Key and the cer file
It's good you got this ironed out.
Their site very clearly says you should get the CSR the Key and the cer file
It's good you got this ironed out.
ASKER
Untitled.png