|
Home > Archive > IIS Server Security > February 2005 > Request certificate wizard:What am I doing wrong ? Verisign certificate - Win2003
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Request certificate wizard:What am I doing wrong ? Verisign certificate - Win2003
|
|
| Marlon Brown 2005-02-01, 8:47 pm |
| I need to install SSL certificates for my OWA1 and OWA2 servers, that will
be configured as NLB.
As far as I know, I understand that I need to generate a .CSR from both
WIn2003 boxes and submit them to Verisign.
If the above procedure is correct, I go to the Windows 2003 and when I click
the "Certificates" mmc snap-in, under "Personal" and select "Request New
Certificate" the message appears:
The wizard cannot be started because of one or more of the following
conditions:
- There are no trusted CA's available
- You do not have the permissions to request certificates from the available
CAs
- The available CAs issue certificate for which you do not have permissions
What am I doing wrong ? I am logged on as an domain admin, box is joined to
domain accordingly. Win2003 Ent.
| |
| Bernard 2005-02-02, 7:47 am |
| a) Go back to the machine that you generated the CSR, use IIS MMC - to
install the cert
b) Open cert mmc, try to export the cert out (including private key), then
import at the other NLB host
similar steps, refer
HOW TO: Back Up a Server Certificate in Internet Information Services 5.0
http://support.microsoft.com/?id=232136
How to Import a Server Certificate for Use in Internet Information Services
5.0
http://support.microsoft.com/?id=232137
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
news:OTw5JiMCFHA.1408@TK2MSFTNGP10.phx.gbl...
>I need to install SSL certificates for my OWA1 and OWA2 servers, that will
>be configured as NLB.
> As far as I know, I understand that I need to generate a .CSR from both
> WIn2003 boxes and submit them to Verisign.
>
> If the above procedure is correct, I go to the Windows 2003 and when I
> click the "Certificates" mmc snap-in, under "Personal" and select "Request
> New Certificate" the message appears:
>
> The wizard cannot be started because of one or more of the following
> conditions:
> - There are no trusted CA's available
> - You do not have the permissions to request certificates from the
> available CAs
> - The available CAs issue certificate for which you do not have
> permissions
>
> What am I doing wrong ? I am logged on as an domain admin, box is joined
> to domain accordingly. Win2003 Ent.
>
>
>
| |
| Marlon Brown 2005-02-02, 5:55 pm |
| The problem is that I don't have the cert yet.
I am trying to generate the cert. If I understand correctly, first I need to
generate a .csr, then submit the .csr file to Verisign to in order for
Verisign to process the request and send it back to me.
When I attempt to generate the CSR on the Win2003 server, I get the message
described below.
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uwXhz5QCFHA.3688@TK2MSFTNGP14.phx.gbl...
> a) Go back to the machine that you generated the CSR, use IIS MMC - to
> install the cert
> b) Open cert mmc, try to export the cert out (including private key), then
> import at the other NLB host
> similar steps, refer
> HOW TO: Back Up a Server Certificate in Internet Information Services 5.0
> http://support.microsoft.com/?id=232136
> How to Import a Server Certificate for Use in Internet Information
Services
> 5.0
> http://support.microsoft.com/?id=232137
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> news:OTw5JiMCFHA.1408@TK2MSFTNGP10.phx.gbl...
will[vbcol=seagreen]
"Request[vbcol=seagreen]
>
>
| |
| Miha Pihler [MVP] 2005-02-02, 5:55 pm |
| Hi Marlon,
Since you are requesting from VeriSign you will have to save the request to
a file (you select "Prepare the Request Now, but send it later"). This will
save the request into a file (you will be able to provide path on a drive
and name for the request). Once done you can open the request file and copy
and paste the request to VeriSign website to continue your process.
--
Mike
Microsoft MVP - Windows Security
"Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
news:OTw5JiMCFHA.1408@TK2MSFTNGP10.phx.gbl...
>I need to install SSL certificates for my OWA1 and OWA2 servers, that will
>be configured as NLB.
> As far as I know, I understand that I need to generate a .CSR from both
> WIn2003 boxes and submit them to Verisign.
>
> If the above procedure is correct, I go to the Windows 2003 and when I
> click the "Certificates" mmc snap-in, under "Personal" and select "Request
> New Certificate" the message appears:
>
> The wizard cannot be started because of one or more of the following
> conditions:
> - There are no trusted CA's available
> - You do not have the permissions to request certificates from the
> available CAs
> - The available CAs issue certificate for which you do not have
> permissions
>
> What am I doing wrong ? I am logged on as an domain admin, box is joined
> to domain accordingly. Win2003 Ent.
>
>
>
| |
| Marlon Brown 2005-02-02, 5:55 pm |
| Thanks, but unfortunately your answer did not address my problem:
When launching the "request new certificate", this is what I am getting:
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:u6JrfqUCFHA.3376@TK2MSFTNGP12.phx.gbl...[vbcol=seagreen]
> Hi Marlon,
>
> Since you are requesting from VeriSign you will have to save the request
to
> a file (you select "Prepare the Request Now, but send it later"). This
will
> save the request into a file (you will be able to provide path on a drive
> and name for the request). Once done you can open the request file and
copy
> and paste the request to VeriSign website to continue your process.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> news:OTw5JiMCFHA.1408@TK2MSFTNGP10.phx.gbl...
will[vbcol=seagreen]
"Request[vbcol=seagreen]
>
>
| |
| Marlon Brown 2005-02-02, 5:55 pm |
| never mind. I should request the .csr from the IIS snap-in, not certificate
snap-in. Solved.
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:%23ptanDWCFHA.3596@TK2MSFTNGP12.phx.gbl...
> Thanks, but unfortunately your answer did not address my problem:
> When launching the "request new certificate", this is what I am getting:
>
>
>
>
> "Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
> news:u6JrfqUCFHA.3376@TK2MSFTNGP12.phx.gbl...
> to
> will
drive[vbcol=seagreen]
> copy
> will
both[vbcol=seagreen]
> "Request
joined[vbcol=seagreen]
>
>
| |
| Bernard 2005-02-03, 2:48 am |
| Err.. >>
a) Go back to the machine that you generated the CSR, use IIS MMC - to
install the cert
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:urRKjUXCFHA.3376@TK2MSFTNGP12.phx.gbl...
> never mind. I should request the .csr from the IIS snap-in, not
> certificate
> snap-in. Solved.
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:%23ptanDWCFHA.3596@TK2MSFTNGP12.phx.gbl...
> drive
> both
> joined
>
>
|
|
|
|
|