+ Post New Thread
Results 1 to 7 of 7
Internet Related/Filtering/Firewall Thread, GoDaddy UCC Cert not playing ball with Exchange 2007 in Technical; Ok, so obviously I'm trying to setup my SSL access for OWA and its associated services using a GoDaddy cert. ...
  1. #1
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    850
    Thank Post
    32
    Thanked 121 Times in 103 Posts
    Rep Power
    37

    GoDaddy UCC Cert not playing ball with Exchange 2007

    Ok, so obviously I'm trying to setup my SSL access for OWA and its associated services using a GoDaddy cert.

    I overcame some minor mishaps to get my cert (had to go through manual verification because automagic didn't work).

    I've followed the GoDaddy instructions @ Installing an SSL Certificate in Microsoft Exchange Server - GoDaddy Help Center, Search the GoDaddy Knowledge Base

    I had to repair a cert when I inserted so that I could use the Management Console to assign the cert to the services... but now I have...

    Untrusted Certificate -> the security certificate was not issued by a trusted authority...

    NB: If I add the intermediate certificate to the client it works... but that defeats the point of a 40 certificate

  2. #2
    binky's Avatar
    Join Date
    Sep 2006
    Posts
    290
    Thank Post
    1
    Thanked 19 Times in 16 Posts
    Rep Power
    0
    Quote Originally Posted by DrPerceptron View Post
    Ok, so obviously I'm trying to setup my SSL access for OWA and its associated services using a GoDaddy cert.

    I overcame some minor mishaps to get my cert (had to go through manual verification because automagic didn't work).

    I've followed the GoDaddy instructions @ Installing an SSL Certificate in Microsoft Exchange Server - GoDaddy Help Center, Search the GoDaddy Knowledge Base

    I had to repair a cert when I inserted so that I could use the Management Console to assign the cert to the services... but now I have...

    Untrusted Certificate -> the security certificate was not issued by a trusted authority...

    NB: If I add the intermediate certificate to the client it works... but that defeats the point of a 40 certificate
    It sounds like exchange is not picking up the intermediate certificate (since it will send the intermediate along with the actual cert), try installing it to the root certificates area (make sure you are adding it to the Local Computer store, not the current user store).

  3. #3
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    850
    Thank Post
    32
    Thanked 121 Times in 103 Posts
    Rep Power
    37
    I went back... had a look, could see them all there... so got annoyed and decided to do the windows updates.

    Updated it, rebooted and now it works?

    Solution: Don't have the foggiest, perhaps a reboot is an undocumented step? (yes I did IISRESET)

  4. #4


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,142
    Thank Post
    204
    Thanked 2,398 Times in 1,774 Posts
    Rep Power
    705
    Windows Update would have installed the latest root certificates, so that's probably why it started working.

  5. Thanks to Arthur from:

    DrPerceptron (22nd September 2009)

  6. #5

    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    174
    Thank Post
    13
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    I am having problems getting bthe ssl cert through from godaddy, rang them twice (they are based in Arizona but 0207 number)but still not sorted yet. I paid 78 for a 4 year ssl cert and they sent me this saying they can't match the admin email with the domain name I applied for, this is what they sent:

    Dear Secure Certificate Customer,

    We have received a Certificate Signing Request for the domain: 24hrschool.x.x.sch.uk

    We have failed to automatically retrieve an email address for the domain name Registrant nor Administrative Contact. It appears your whois record does not present valid or public email address contacts or has private registration in place.

    There are several alternative methods, defined below, you can choose from to facilitate the validation of your domain access control.


    We have assigned you the unique id, ( xvgtdmsn ), to use with the following two methods :


    #1 - If you are able to make Domain Name Zone changes, you can use the Domain Zone Control validation process. For instructions on how to use this automated process use the following link : Domain Zone Control Instructions

    #2 - If you are able to make a website page and store it in the root of your hosting account, you can use the Domain Website Control validation process. For instructions on how to use this automated process use the following link : Website Control Instructions

    After you have implemented one of the domain control verifications methods described above, log into your account, and click on the pending request for your common name. You will be presented with several options. Click on the link that describes the domain control option you selected. If your method is deemed successful, will be taken back to the certificate management page. Please allow a few minutes for the status of your account to be updated.
    Manual Options:

    If you cannot make Domain Name Zone changes and you cannot create a special website page, but your whois record shows a registrant name, you can submit a Digital Action Form indicating approval for the certificate request. For instructions on how to use this manual process and download the form, log into your account.

    If your whois does not show a registrant name, you will need to have your privacy company or registrar directly provide to us a Domain Authorization Letter. For instructions on how to use this manual process, log into your account.




    If you encounter any problems or have any questions, our Customer Support department is ready to help, around-the-clock, seven days a week.

    Customer Support:
    E-Mail: ra@godaddy.com
    Phone: 480.505.8852


    Thanks in advance for any help.
    Last edited by armadillo; 23rd December 2009 at 10:34 PM.

  7. #6

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,440
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    I would say you just need to make a webpage and put it within IIS so when they go to to the domain / a path you specify that is on that domain you are securing it views the page. To do so see where the IIS website is set to and follow that it just needs to be a htm page I'd suspect. Use the godaddy guidelines that will help.

    The reason they are failing is probably the same as ours, our domain validated to a false email admin@county.sch.uk as for some reason a lot seem to miss the domain out?!

  8. #7

    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    174
    Thank Post
    13
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    Quote Originally Posted by john View Post
    I would say you just need to make a webpage and put it within IIS so when they go to to the domain / a path you specify that is on that domain you are securing it views the page. To do so see where the IIS website is set to and follow that it just needs to be a htm page I'd suspect. Use the godaddy guidelines that will help.

    The reason they are failing is probably the same as ours, our domain validated to a false email admin@county.sch.uk as for some reason a lot seem to miss the domain out?!
    Thanks for your message John. I will get the gys atbthe concil to create the web page, as the domain is hosted/ looked after by them. I thought there might be an easier way of doing it; just need to be more patients and wait until after Xmas.

SHARE:
+ Post New Thread

Similar Threads

  1. Exchange 2007 Server Wildcard SSL CERT
    By wesleyw in forum Windows
    Replies: 0
    Last Post: 14th August 2009, 12:21 PM
  2. [Video] Insane dead-ball skills
    By mattx in forum Jokes/Interweb Things
    Replies: 1
    Last Post: 10th June 2009, 10:29 AM
  3. How to create a certificate request for an Exchange 2007 UCC
    By Dos_Box in forum How do you do....it?
    Replies: 11
    Last Post: 27th April 2009, 06:42 PM
  4. Godaddy Hosting
    By binky in forum General Chat
    Replies: 0
    Last Post: 20th June 2008, 06:05 PM
  5. Replies: 1
    Last Post: 18th April 2008, 09:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •