Solved

Cannot get Signed SSL certificate into the right place in SBS 2011

Posted on 2015-01-12
12
259 Views
Last Modified: 2015-01-25
Been mucking around with SSL certificates for hours.

Long time since I've done this.

Ordered certificates, downloaded, right-clicked on, and installed. (GoDaddy)

Kept getting errors on remote connectivity Analyzer.

Realized that it wasn't using my purchased certificate.

It's in personal, When I try and export it, it won't take all its properties and the import fails.

I followed GoDaddy's Article at: https://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010?locale=en

When I get to to #23, I do not see "Complete Pending Request..."
0
Comment
Question by:MJCS
  • 4
  • 3
  • 2
  • +3
12 Comments
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Ok so from what you are saying it seems like you have already processed the request.

Are you running all this on the same server you need to install the certificate on ?


You indicated the certificate is now installed in personal, verify it has the private key installed
You can do this by double clicking the certificate (you should see text that says "You have a private key ..."

Once this is done simply run the fix my network wizard and point to the new certificate you just got from godaddy.
0
 
LVL 2

Author Comment

by:MJCS
Comment Utility
Ran the wizard, it only sees the self-signed key. Then says it can't fix it, restart certificate service and retry.

I rebooted

Same.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 100 total points
Comment Utility
Did you see an indication that they private key is installed for the new certificate when you opened it in the mmc ?

winkey + r
mmc.exe
Add Remove Snap in
Certificates
Local Computer
Expand Personal

If the cert is present look to see if they private key is present.

If not ask to have it rekeyed, or simply do a repair on the certificate with the following command
certutil -repairstore MY serialnumber (obtained from the details tab in the new certificate)


Then try the wizard again.
0
 
LVL 2

Author Comment

by:MJCS
Comment Utility
Network repair wizard?
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
The fix my network wizard once you're able to get the private key repaired.
0
 
LVL 2

Expert Comment

by:Michael Zehr
Comment Utility
Hi, did you Import the godaddy intermediate certificate?
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 100 total points
Comment Utility
The primary reason the wizard will not see your certificate is due to a common name mismatch.
The wizard only looks at the common name.

Therefore if the wizards in SBS were run in their default configuration, the common name it wants to see is remote.example.com. If the common name is mail.example.com or even example.com then the wizard will not see the certificate and you cannot choose it.

With an SBS server, it is best to use remote.example.com everywhere, as per the wizards expectation. It also makes following any tutorials easier.
However if you created the SSL certificate request in Exchange 2010 and didn't change the configuration, then the common name will be example.com (ie the root of the domain) rather than remote.example.com.

Simon.
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 200 total points
Comment Utility
This article was written by a member of the SBS team.   It works exactly the same for SBS 2011 as it does on SBS 2008
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html  Installing a GoDaddy Standard SSL Certificate on SBS 2008
0
 
LVL 6

Assisted Solution

by:Flipp
Flipp earned 100 total points
Comment Utility
Not sure if this applies to your cert or not, but http://blogs.msmvps.com/bradley/2010/02/18/so-ya-wanna-in-your-trusted-cert-wizard/ explains how to have a non-remote.domain.com cert to show in SBS wizards when installing a new cert.
Bailed me out a number of times :)
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 200 total points
Comment Utility
I didn't see anything in the original post to indicate that this is a wildcard cert
0
 
LVL 2

Accepted Solution

by:
MJCS earned 0 total points
Comment Utility
I appreciate all the comments!

I deleted the certificate and re-ran through GoDaddy's step-by-step. I must have previously done a step wrong because it worked for me that time.
0
 
LVL 2

Author Closing Comment

by:MJCS
Comment Utility
I've credited the helpful advice, but ultimately it was fixed by re-running the wizard.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now