  1. #1
    mwbutler

    New SSL Cert - OWA + Internal resources on Server stopped working

    We requested SWGFL to get us a Multi-Domain SSL Certificate from TERENA enabling us to be able to move to Live@Edu. So, I generated a Cert request from our Server (I backed up and removed the old Cert 1st), then unfortunately OWA and other internal services on the Server stopped working (Internet Explorer cannot display the webpage). As several important services had stopped working I emailed in the request for a new Cert then cancelled the request on the Server. I then re-imported the old Cert which got everything back working again.

    Fast forward to today and I received the Cert via Email and went to install it. Again I removed the old Cert, placed the new Cert in the Trusted Root CA and Personal Cert store then assigned the new Cert to the desired Default Website in IIS 6. I checked OWA and I get the Internet Explorer cannot display the webpage error message. Same for all other services.

    Both Certs have been issued to "mail..sch.uk" but only the old one works correctly. What have I done wrong?

    We are using Server 2003 and IIS 6.

    Thanks

    Matt

  2. #2
    Hawkeyez
    I had this when creating a wildcard SSL. If you cancel the request to enable OWA to work (we had the same issue) it won't work when you import the cert.
    As we were doing a wildcard SSL, I just started a new request on a server that didn't have a need for SSL, so I could leave the request pending.

    Then it was just a case of exporting it out of that server, and installing on all the others.

  3. Thanks to Hawkeyez from:

    mwbutler (21st February 2012)

  4. #3
    mwbutler
    I'm going to give that a try, thanks!

  5. #4

    My usual trick which is documented by MS somewhere(!) is to add a new temporary IIS web-site alongside the Default one, do the cert request from and import the cert to the temporary site when it arrives. Then go to the Default site and quickly swap the certs over (replace old and select the new cert from list). Guess you might need wildcards in some scenarios but with Exchange 2003 I've always managed to arrange things so it's all happy with standard single-name IIS cert.

    In practice I also need to add an intermediate cert from the CA to the local comp store and restart IIS - not all, but you need to do that for a few CAs.
    Last edited by PiqueABoo; 21st February 2012 at 05:02 PM. Reason: clarity

  6. Thanks to PiqueABoo from:

    mwbutler (22nd February 2012)

  7. #5
    mwbutler
    Problem solved! I used Hawkeyez's method as it was simpler but I have also saved your notes PiqueABoo just in case the other one is impractical.


    Here are my notes just in case anyone else runs into the same problem:

    1. Request a new Certificate on a Server that isn't using an SSL Certificate, otherwise you will break any Service that is using SSL (OWA and Resource Booking).
    2. Prepare the request, but send it later.
    3. Import certificate_name.cer once you have received it via email.
    4. The Move / Copy Certificate to remote Server option gave me an access denied error.
    5. Instead Export the Certificate into a PFX file - _new_cert.pfx.
    6. Copy this to C:\ drive.
    7. On "Remove the current Certificate" Certificate in IIS.
    8. Import a Certificate from a PFX file and select _new_cert.pfx.
    9. Browse to OWA and see if the new Certificate is now in use.

    There's a load of suggestions on Google on how to fix the access denied error, but I found an alternate solution in step 5 which worked so I have ignored that error for now.

    Thanks all

  8. #6

    Whatever works. For thread posterity I've just found the (retired) KB for what I described: How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed

  9. Thanks to PiqueABoo from:

    mwbutler (23rd February 2012)
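
An added diagnostic example, not code from any poster in this thread: the private key is created with the pending request, so a certificate imported after that request was cancelled lands in the Personal store without a key and IIS cannot serve SSL with it. The script below lists every certificate in the local computer's Personal store, reports whether it has a private key, and checks that each intermediate in its chain is installed in the Intermediate Certification Authorities store (the point raised in post #4). It assumes Windows PowerShell 2.0 or later is installed on the server.

```powershell
# Added example: run on the IIS server after importing the new certificate.
$X509 = 'System.Security.Cryptography.X509Certificates'

function Open-Store([string]$Name) {
    # Opens a local-computer certificate store read-only.
    $s = New-Object "$X509.X509Store" $Name, 'LocalMachine'
    $s.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    return $s
}

$my = Open-Store 'My'   # Personal store, where IIS picks server certificates from
$ca = Open-Store 'CA'   # Intermediate Certification Authorities

$report = foreach ($cert in $my.Certificates) {
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip CRL lookups for this check
    $built = $chain.Build($cert)

    # In a complete chain, element 0 is the leaf and the last element is the root;
    # everything in between is an intermediate that should be in the CA store.
    # An incomplete chain is reported through ChainStatus (PartialChain) instead.
    $missing = @()
    $n = $chain.ChainElements.Count
    for ($i = 1; $i -lt $n - 1; $i++) {
        $ic = $chain.ChainElements[$i].Certificate
        $found = $ca.Certificates.Find('FindByThumbprint', $ic.Thumbprint, $false)
        if ($found.Count -eq 0) { $missing += $ic.Subject }
    }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # False: certificate is unusable for SSL
        ChainBuilt    = $built
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        MissingFromCA = $missing -join '; '
    }
}

$my.Close(); $ca.Close()
$report | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey, ChainBuilt, ChainStatus, MissingFromCA
```

The PFX file used to move the certificate between servers contains the private key, so give it a strong export password and delete the copy on C:\ once the import has succeeded.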
