|
Home > Archive > IIS Server Security > December 2006 > "Certificate does not have a private key"
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
"Certificate does not have a private key"
|
|
| jering 2006-11-30, 7:23 pm |
| Hi!
This issue is regarding an Exchange-server with IIS and OWA.
Windows Server 2003 SP1 and Exchange SP2.
We obtained a public CA from VeriSign.
It worked fine from clients like IE6, but not from mobile devices and
ActiveSync. So the mobilephone-manufacterer adviced this:
"In response to your query, it looks like the certificate on the exchange
server is invalid. Is it possible for the I.T department to install a new
certificate. Sometimes through webmail, it overides the old certificate
whereas on the device it will not let you proceed."
So I anassigned the certificate from the default website and then deleted
all items from "Personal certificates" in the certificates MMC, and then
imported the certificate from VeriSign. After that I assigned the certificate
to the default web site in IIS.
Now SSL doesn`t work at all and this is found in the eventviewer:
http://support.microsoft.com/kb/824035
I have the certificate request sent to the CA and the certificate I got back
from them.
Obvoiusly the private key is missing.
How can this be fixed?
| |
| Bernard Cheah [MVP] 2006-12-01, 1:33 am |
| Obviously the new cert you installed, is not a complete cert (without
private key)
Do you have a backup of the cert in pfx format? which you exported the
private keys also?
if not, I think you need to recreate the pending request, then complete the
process by deploying
the cert from CA to that corresponding pending request.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"jering" <jering@discussions.microsoft.com> wrote in message
news:149A544C-1970-4FD1-97CA-64F00DFFC748@microsoft.com...
> Hi!
>
> This issue is regarding an Exchange-server with IIS and OWA.
> Windows Server 2003 SP1 and Exchange SP2.
>
> We obtained a public CA from VeriSign.
> It worked fine from clients like IE6, but not from mobile devices and
> ActiveSync. So the mobilephone-manufacterer adviced this:
> "In response to your query, it looks like the certificate on the exchange
> server is invalid. Is it possible for the I.T department to install a new
> certificate. Sometimes through webmail, it overides the old certificate
> whereas on the device it will not let you proceed."
>
> So I anassigned the certificate from the default website and then deleted
> all items from "Personal certificates" in the certificates MMC, and then
> imported the certificate from VeriSign. After that I assigned the
> certificate
> to the default web site in IIS.
> Now SSL doesn`t work at all and this is found in the eventviewer:
> http://support.microsoft.com/kb/824035
>
> I have the certificate request sent to the CA and the certificate I got
> back
> from them.
> Obvoiusly the private key is missing.
> How can this be fixed?
| |
| Wade Barrett 2006-12-05, 1:20 pm |
| Hello,
Export the Cert from a working server and make sure that you check the box
during the export that says "Make Private Key Exportable"
"jering" wrote:
> Hi!
>
> This issue is regarding an Exchange-server with IIS and OWA.
> Windows Server 2003 SP1 and Exchange SP2.
>
> We obtained a public CA from VeriSign.
> It worked fine from clients like IE6, but not from mobile devices and
> ActiveSync. So the mobilephone-manufacterer adviced this:
> "In response to your query, it looks like the certificate on the exchange
> server is invalid. Is it possible for the I.T department to install a new
> certificate. Sometimes through webmail, it overides the old certificate
> whereas on the device it will not let you proceed."
>
> So I anassigned the certificate from the default website and then deleted
> all items from "Personal certificates" in the certificates MMC, and then
> imported the certificate from VeriSign. After that I assigned the certificate
> to the default web site in IIS.
> Now SSL doesn`t work at all and this is found in the eventviewer:
> http://support.microsoft.com/kb/824035
>
> I have the certificate request sent to the CA and the certificate I got back
> from them.
> Obvoiusly the private key is missing.
> How can this be fixed?
|
|
|
|
|