Enterprise Software Thread, New SSL Cert - OWA + Internal resources on Server stopped working in Technical; We requested SWGFL to get us a Multi-Domain SSL Certificate from TERENA enabling us to be able to move to ...
21st February 2012, 02:09 PM #1
New SSL Cert - OWA + Internal resources on Server stopped working
We requested SWGFL to get us a Multi-Domain SSL Certificate from TERENA enabling us to be able to move to Live@Edu. So, I generated a Cert request from our Server (I backed up and removed the old Cert 1st), then unfortunately OWA and other internal services on the Server stopped working (Internet Explorer cannot display the webpage). As several important services had stopped working I emailed in the request for a new Cert then cancelled the request on the Server. I then re-imported the old Cert which got everything back working again.
Fast forward to today and I received the Cert via Email and went to install it. Again I removed the old Cert, placed the new Cert in the Trusted Root CA and Personal Cert store then assigned the new Cert to the desired Default Website in IIS 6. I checked OWA and I get the Internet Explorer cannot display the webpage error message. Same for all other services.
Both Certs have been issued to "mail.<schoolname>.sch.uk" but only the old one works correctly. What have I done wrong?
We are using Server 2003 and IIS 6.
IDG Tech News
21st February 2012, 02:14 PM #2
I had this when creating a wildcard SSL. If you cancel the request to enable OWA to work (we had the same issue) it wont work when you import the cert.
As we were doing a wildcard SSL, I just started a new request on a server that didnt have a need for SSL, so I could leave the request pending.
Then it was just a case of exporting it out that server, and installing on all the others.
Thanks to Hawkeyez from:
mwbutler (21st February 2012)
21st February 2012, 03:34 PM #3
I'm going to give that a try, thanks!
21st February 2012, 04:42 PM #4
My usual trick which is documented by MS somewhere(!) is to add a new temporary IIS web-site alongside the Default one, do the cert request from and import the cert to the temporary site when it arrives. Then go to the Default site and quickly swap the certs over (replace old and select the new cert from list). Guess you might need wildcards in some scenarios but with Exchange 2003 I've always managed to arrange things so it's all happy with standard single-name IIS cert.
In practice I also need to add an intermediate cert from the CA to the local comp store and restart IIS - not all, but you need to do that for a few CAs.
Last edited by PiqueABoo; 21st February 2012 at 05:02 PM.
Thanks to PiqueABoo from:
mwbutler (22nd February 2012)
22nd February 2012, 11:33 AM #5
Problem solved! I used Hawkeyez method as it was simpler but I have also saved your notes PiqueABoo just in case the other one is inpractical.
Here are my notes just in case anyone else runs into the same problem:
- Request a new Certificate on a Server that isn't using a SSL Certificate otherwise
you will break any Servicew that is using SSL (OWA and Resource Booking).
- Prepare the request, but send it later.
- Import certificate_name.cer once you have received it via email.
- The Move / Copy Certificate to remote Server option gave me an access denied error.
- Instead Export the Certificate in to a PFX file - <server>_new_cert.pfx.
- Copy this to <destination_server> C:\ drive.
- On <destination_server> "Remove the current Certificate" Certificate in IIS.
- Import a Certificate from a PFX file and select <server>_new_cert.pfx.
- Browse to OWA and see if the new Certificate is now in use.
There's a load of suggestions on Google on how to fix the access denied error, but I found an alternate solution in step 5 which worked so I have ignored that error for now.
22nd February 2012, 10:33 PM #6
Thanks to PiqueABoo from:
mwbutler (23rd February 2012)
By Dos_Box in forum Windows Server 2008
Last Post: 27th September 2011, 12:31 PM
By wesleyw in forum Windows
Last Post: 14th August 2009, 12:21 PM
By enjay in forum Hardware
Last Post: 17th June 2008, 03:42 PM
By ICTNUT in forum Windows
Last Post: 15th November 2007, 08:35 AM
By johnkay21 in forum Windows
Last Post: 15th May 2007, 07:20 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)