Certificate issue - 2008 server

Okay, I'm new to certificates but we have a website that is hosted by me that I believe needs to issue a valid certificate. When I go to the site it says "Content was blocked because it was not signed by a valid security certificate".

I need to issue a cert from the server...correct? If so can someone give me step by step instructions to do this? I am a domain admin on our network. Thanks
Thomas N, Systems Analyst - Windows System Administrator, asked:

rgorman commented:
You will want to generate a CSR through IIS using the instructions here...

https://technet.microsoft.com/en-ca/library/cc732906%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Then you will submit the CSR to an SSL certificate provider, like GoDaddy/Verisign/Thawte/etc, and they will issue the certificate that you will import into your PC.  Each provider would have instructions on their site as well that outline the process for each product.
0
Will Szymkowski, Senior Solution Architect, commented:
DigiCert has a complete tutorial on how to accomplish this. You need to start by generating a CSR and sending it to the 3rd party SSL provider.
https://www.digicert.com/csr-creation-microsoft-iis-7.htm

Will.
0
Thomas N, Systems Analyst - Windows System Administrator, author, commented:
Do I still need to do that if it's an internal website?
0

Thomas N, Systems Analyst - Windows System Administrator, author, commented:
send it to a 3rd party I mean.
0
Will Szymkowski, Senior Solution Architect, commented:
If you want your site on the internet and trusted, then you need to use a 3rd party SSL cert. If you want this for internal use only, then you can use an internal Root CA.

Build An Internal Root CA
https://technet.microsoft.com/en-ca/library/cc501466.aspx

Will.
0

Thomas N, Systems Analyst - Windows System Administrator, author, commented:
Thanks Will. Is it possible to find out if I already have an internal Root CA set up? I was handed over this small network and am not sure if it's possible to find without digging around manually.
0
Will Szymkowski, Senior Solution Architect, commented:
All you need to do to verify whether there is an internal Domain CA is run the following command...
certutil -TCAinfo


Will.
0
Thomas N, Systems Analyst - Windows System Administrator, author, commented:
This is what I get when I run it. It pulls up a "server" and a "server1". So is it the CA name or the machine name?



C:\Users>certutil -TCAinfo
================================================================
CA Name: Wireless

Machine Name: server.domain.net

DS Location: CN=Wireless,CN=Enrollment Services,CN=Public Key Services,CN=Servic
es,CN=Configuration,DC=domain,DC=net

Cert DN: CN=Wireless, DC=domain, DC=net

CA Registry Validity Period: 2 Years -- 4/8/2017 12:56 PM
 NotAfter: 3/5/2018 10:58 AM

Connecting to server.domain.net\Wireless ...
Server "Wireless" ICertRequest2 interface is alive

  Enterprise Root CA

dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_NT_AUTH
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=Wireless, DC=domain, DC=net
  NotBefore: 3/5/2013 10:54 AM
  NotAfter: 3/5/2018 10:58 AM
  Subject: CN=Wireless, DC=domain, DC=net
  Serial: 753194f68ef2718b431217094313e9e0
  Template: CA
  ab 84 3a 7a 63 f8 34 9b 9c 4c 5b ab 13 63 a3 91 f7 67 99 20
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  ab 84 3a 7a 63 f8 34 9b 9c 4c 5b ab 13 63 a3 91 f7 67 99 20
  Issuer: CN=Wireless, DC=domain, DC=net
  NotBefore: 3/5/2013 10:54 AM
  NotAfter: 3/5/2018 10:58 AM
  Subject: CN=Wireless, DC=domain, DC=net
  Serial: 753194f68ef2718b431217094313e9e0
  Template: CA
  ab 84 3a 7a 63 f8 34 9b 9c 4c 5b ab 13 63 a3 91 f7 67 99 20
A certification chain processed correctly, but one of the CA certificates is not
 trusted by the policy provider. 0x800b0112 (-2146762478)
------------------------------------

Supported Certificate Templates:
Cert Type[0]: DirectoryEmailReplication (Directory Email Replication)
Cert Type[1]: DomainControllerAuthentication (Domain Controller Authentication)
Cert Type[2]: Machine (Computer)
Validated Cert Types: 3

================================================================
CA Name: domain-server1-CA

Machine Name: server1.domain.net

DS Location: CN=domain-server1-CA,CN=Enrollment Services,CN=Public Key Service
s,CN=Services,CN=Configuration,DC=domain,DC=net

Cert DN: CN=domain-server1-CA, DC=domain, DC=net

CA Registry Validity Period: 2 Years -- 4/8/2017 12:56 PM
 NotAfter: 3/5/2018 11:14 AM

Connecting to server1.domain.net\domain-server1-CA ...
Server "domain-server1-CA" ICertRequest2 interface is alive

  Enterprise Root CA

dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_NT_AUTH
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=domain-server-CA, DC=domain, DC=net
  NotBefore: 3/5/2013 11:04 AM
  NotAfter: 3/5/2018 11:14 AM
  Subject: CN=domain-server1-CA, DC=domain, DC=net
  Serial: 4dfdb8bcd6dc8b894fd0e8041644a90d
  Template: CA
  44 e4 00 98 0e bd 03 5d 12 a4 d3 c1 e0 7c 49 c8 69 0f 37 20
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  44 e4 00 98 0e bd 03 5d 12 a4 d3 c1 e0 7c 49 c8 69 0f 37 20
  Issuer: CN=domain-Sserver1-CA, DC=domain, DC=net
  NotBefore: 3/5/2013 11:04 AM
  NotAfter: 3/5/2018 11:14 AM
  Subject: CN=domain-CA, DC=domain, DC=net
  Serial: 4dfdb8bcd6dc8b894fd0e8041644a90d
  Template: CA
  44 e4 00 98 0e bd 03 5d 12 a4 d3 c1 e0 7c 49 c8 69 0f 37 20
A certification chain processed correctly, but one of the CA certificates is not
 trusted by the policy provider. 0x800b0112 (-2146762478)
------------------------------------

Supported Certificate Templates:
Cert Type[0]: DirectoryEmailReplication (Directory Email Replication)
Cert Type[1]: DomainControllerAuthentication (Domain Controller Authentication)
Cert Type[2]: EFSRecovery (EFS Recovery Agent)
Cert Type[3]: EFS (Basic EFS)
Cert Type[4]: DomainController (Domain Controller)
Cert Type[5]: WebServer (Web Server)
Cert Type[6]: Machine (Computer)
Cert Type[7]: User (User)
Cert Type[8]: SubCA (Subordinate Certification Authority)
Cert Type[9]: Administrator (Administrator)
Validated Cert Types: 10

================================================================
server.domain.net\Wireless:
  Enterprise Root CA
  A certification chain processed correctly, but one of the CA certificates is n
ot trusted by the policy provider. 0x800b0112 (-2146762478)
  Online

sscvu01.domain.net\domain-server1-CA:
  Enterprise Root CA
  A certification chain processed correctly, but one of the CA certificates is n
ot trusted by the policy provider. 0x800b0112 (-2146762478)
  Online

CertUtil: -TCAInfo command completed successfully.
0
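The `Connecting to server.domain.net\Wireless ...` lines in the output above show how a CA is addressed: machine name, backslash, CA name. As an added example (not part of the original thread), this PowerShell function parses `certutil -TCAinfo` text into one record per CA with that config string, whether it publishes the `WebServer` template, and the chain status code certutil printed; `Get-CAFromTCAInfo` is a hypothetical helper name and the sample is a constructed, trimmed extract of the post.

```powershell
# Added example: parse `certutil -TCAinfo` text into one object per CA.
function Get-CAFromTCAInfo {
    param([string[]]$Lines)
    $cas = @(); $ca = $null
    foreach ($line in $Lines) {
        if ($line -match '^CA Name:\s*(.+)$') {
            if ($ca) { $cas += $ca }               # close the previous CA block
            $ca = New-Object PSObject -Property @{
                Name = $Matches[1].Trim(); Machine = $null
                Templates = @(); ChainStatus = $null }
        }
        elseif (-not $ca) { continue }             # nothing to fill before the first CA
        elseif ($line -match '^Machine Name:\s*(.+)$') { $ca.Machine = $Matches[1].Trim() }
        elseif ($line -match '^Cert Type\[\d+\]:\s*(\S+)') { $ca.Templates += $Matches[1] }
        elseif ((-not $ca.ChainStatus) -and ($line -match '(0x[0-9a-fA-F]{8}) \(-?\d+\)\s*$')) {
            $ca.ChainStatus = $Matches[1]          # first HRESULT printed for this CA
        }
    }
    if ($ca) { $cas += $ca }
    $cas
}

# Constructed sample: a trimmed extract of the output posted above.
$sample = @'
CA Name: Wireless
Machine Name: server.domain.net
 trusted by the policy provider. 0x800b0112 (-2146762478)
Cert Type[0]: DirectoryEmailReplication (Directory Email Replication)
Cert Type[2]: Machine (Computer)
CA Name: domain-server1-CA
Machine Name: server1.domain.net
 trusted by the policy provider. 0x800b0112 (-2146762478)
Cert Type[5]: WebServer (Web Server)
Cert Type[6]: Machine (Computer)
'@ -split "`r?`n"

# One row per CA: the Machine\CAName config string, WebServer support, chain status.
Get-CAFromTCAInfo $sample | ForEach-Object {
    New-Object PSObject -Property @{
        Config       = "$($_.Machine)\$($_.Name)"
        HasWebServer = ($_.Templates -contains 'WebServer')
        ChainStatus  = $_.ChainStatus }
}
```

On a domain-joined machine, `Get-CAFromTCAInfo (certutil -TCAinfo)` feeds it the live output instead of the sample.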
Will Szymkowski, Senior Solution Architect, commented:
Based on the output, domain-server1-CA is the internal CA for this domain. You will then need to create a Web Server Template and issue it to the Web Server you want to use SSL.

Will.
0
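In the output posted earlier, `domain-server1-CA` already lists `WebServer` among its supported templates. As an added example (not part of the original thread, and using `certreq` rather than the IIS wizard the earlier links describe), this requests a certificate from that CA; the host name `intranet.domain.net` and the file paths are assumptions.

```powershell
# Added example: request a WebServer-template certificate from the internal CA.
# Run from an elevated PowerShell prompt on the web server.
$fqdn = 'intranet.domain.net'                    # assumption: the site's DNS name
$ca   = 'server1.domain.net\domain-server1-CA'   # Machine\CAName from the output above

# Request policy file for certreq; the private key is created on this server.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
; keep the private key non-exportable
Exportable = FALSE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[Extensions]
; Subject Alternative Name: browsers match the host name against this
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"

[RequestAttributes]
CertificateTemplate = WebServer
"@ | Set-Content -Encoding ASCII "$env:TEMP\web.inf"

certreq -new "$env:TEMP\web.inf" "$env:TEMP\web.req"                  # key pair + CSR
certreq -submit -config $ca "$env:TEMP\web.req" "$env:TEMP\web.cer"   # send CSR to the CA
certreq -accept "$env:TEMP\web.cer"                                   # pair cert with the key
```

The accepted certificate lands in the local machine's Personal store, where it can be selected for the site's HTTPS binding in IIS.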
Thomas N, Systems Analyst - Windows System Administrator, author, commented:
ok let me try and come back to reward points
0
Seth Simmons, Sr. Systems Administrator, commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0