GoDaddy UCC Cert not playing ball with Exchange 2007

[DrPerceptron]

Ok, so obviously I'm trying to setup my SSL access for OWA and its associated services using a GoDaddy cert.

I overcame some minor mishaps to get my cert (had to go through manual verification because automagic didn't work).

I've followed the GoDaddy instructions @ Installing an SSL Certificate in Microsoft Exchange Server - GoDaddy Help Center, Search the GoDaddy Knowledge Base

I had to repair a cert when I inserted so that I could use the Management Console to assign the cert to the services... but now I have...

Untrusted Certificate -> the security certificate was not issued by a trusted authority...

NB: If I add the intermediate certificate to the client it works... but that defeats the point of a £40 certificate

[binky]

Ok, so obviously I'm trying to setup my SSL access for OWA and its associated services using a GoDaddy cert.

I overcame some minor mishaps to get my cert (had to go through manual verification because automagic didn't work).

I've followed the GoDaddy instructions @ Installing an SSL Certificate in Microsoft Exchange Server - GoDaddy Help Center, Search the GoDaddy Knowledge Base

I had to repair a cert when I inserted so that I could use the Management Console to assign the cert to the services... but now I have...

Untrusted Certificate -> the security certificate was not issued by a trusted authority...

NB: If I add the intermediate certificate to the client it works... but that defeats the point of a £40 certificate

It sounds like exchange is not picking up the intermediate certificate (since it will send the intermediate along with the actual cert), try installing it to the root certificates area (make sure you are adding it to the Local Computer store, not the current user store).

[DrPerceptron]

I went back... had a look, could see them all there... so got annoyed and decided to do the windows updates.

Updated it, rebooted and now it works?

Solution: Don't have the foggiest, perhaps a reboot is an undocumented step? (yes I did IISRESET)

[Arthur]

Windows Update would have installed the latest root certificates, so that's probably why it started working.

[armadillo]

I am having problems getting bthe ssl cert through from godaddy, rang them twice (they are based in Arizona but 0207 number)but still not sorted yet. I paid £78 for a 4 year ssl cert and they sent me this saying they can't match the admin email with the domain name I applied for, this is what they sent:

Dear Secure Certificate Customer,

We have received a Certificate Signing Request for the domain: 24hrschool.x.x.sch.uk

We have failed to automatically retrieve an email address for the domain name Registrant nor Administrative Contact. It appears your whois record does not present valid or public email address contacts or has private registration in place.

There are several alternative methods, defined below, you can choose from to facilitate the validation of your domain access control.


We have assigned you the unique id, ( xvgtdmsn ), to use with the following two methods :


#1 - If you are able to make Domain Name Zone changes, you can use the Domain Zone Control validation process. For instructions on how to use this automated process use the following link : Domain Zone Control Instructions

#2 - If you are able to make a website page and store it in the root of your hosting account, you can use the Domain Website Control validation process. For instructions on how to use this automated process use the following link : Website Control Instructions

After you have implemented one of the domain control verifications methods described above, log into your account, and click on the pending request for your common name. You will be presented with several options. Click on the link that describes the domain control option you selected. If your method is deemed successful, will be taken back to the certificate management page. Please allow a few minutes for the status of your account to be updated.
Manual Options:

If you cannot make Domain Name Zone changes and you cannot create a special website page, but your whois record shows a registrant name, you can submit a Digital Action Form indicating approval for the certificate request. For instructions on how to use this manual process and download the form, log into your account.

If your whois does not show a registrant name, you will need to have your privacy company or registrar directly provide to us a Domain Authorization Letter. For instructions on how to use this manual process, log into your account.




If you encounter any problems or have any questions, our Customer Support department is ready to help, around-the-clock, seven days a week.

Customer Support:
E-Mail: ra@godaddy.com
Phone: 480.505.8852

Thanks in advance for any help.

[john]

I would say you just need to make a webpage and put it within IIS so when they go to to the domain / a path you specify that is on that domain you are securing it views the page. To do so see where the IIS website is set to and follow that it just needs to be a htm page I'd suspect. Use the godaddy guidelines that will help.

The reason they are failing is probably the same as ours, our domain validated to a false email admin@county.sch.uk as for some reason a lot seem to miss the domain out?!

[armadillo]

I would say you just need to make a webpage and put it within IIS so when they go to to the domain / a path you specify that is on that domain you are securing it views the page. To do so see where the IIS website is set to and follow that it just needs to be a htm page I'd suspect. Use the godaddy guidelines that will help.

The reason they are failing is probably the same as ours, our domain validated to a false email admin@county.sch.uk as for some reason a lot seem to miss the domain out?!

Thanks for your message John. I will get the gys atbthe concil to create the web page, as the domain is hosted/ looked after by them. I thought there might be an easier way of doing it; just need to be more patients and wait until after Xmas.