+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 32
Windows Server 2008 R2 Thread, SSL Exchange Help (ipsca) in Technical; yer thats what I done again, this is really annoying me now, it should just work, im doing everything correct ...
  1. #16
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    yer thats what I done again, this is really annoying me now, it should just work, im doing everything correct here

  2. #17
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Any more ideas?

  3. #18
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    bump......

  4. #19

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Quote Originally Posted by sukh View Post
    1. Check your cert > run Get-ExchangeCertificate |fl >c:\cert.txt from the ems and check status
    2. run Enable-ExchangeCertificate certificate -services IIS in the ems
    3. Confirm is it a UCC cert
    4. Make sure you have put the cert in the right place
    5. Check the purpose of the cert
    6. What base OS are you using inclu SP, 2008 or r2?

    Sukh
    Got this info?

  5. #20
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Right, this is what I have done now (Trying to follow your instuctions sukh)

    Request a certificate from the Exchange Console
    Request a certificate from ipsca again

    Renamed the cert file from ipsca, to cert.txt so it works with your command
    Now used your commands in the Exchange 2010 Shell

    This is an error im getting

    VERBOSE: Connecting to MAIL.ockendon.thurrock.sch.uk
    VERBOSE: Connected to MAIL.ockendon.thurrock.sch.uk.
    [PS] C:\Windows\system32>Get-ExchangeCertificate |fl >c:\cert.txt

    Thats command works but does nothing as far has I can tell

    [PS] C:\Windows\system32>Enable-ExchangeCertificate certificate -services IIS
    The certificate with thumbprint certificate was not found.
    + CategoryInfo : ObjectNotFound: ( [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 79C4D1AB,Microsoft.Exchange.Management.SystemConfi gurationTasks.EnableExchangeCertificate



    Was I meant to install the certificate in the Echange Console before doing these commands?
    Last edited by pritchardavid; 28th June 2011 at 08:59 AM.

  6. #21

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Yes, you have to import the cer then enable on the services.
    2. You dont need to rename the cert .txt, that was for the output
    3. What format did you get yuo cert in pfx p12 cer?

  7. #22
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Have found one problem I think

    Once I looked at the cert.txt - Root CA Type Unknown

    Also when I done the second command nothing happend I typed this is for the second one -
    Enable-ExchangeCertificate 06E0D7CFE246DC6FD05491F1A9270B5424DC905E -services IIS -DoNotRequireSSL (Last command is to stop enforcing SSL at the root, as we redirect it to owa at the root which is not https)

    Purpose of the cert = Ensures the identity of a remote computer







    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule}
    CertificateDomains : {mail.theockendonacademy.com}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : E=ipscalevel1@ipsca.com, CN=ipsCA Level 1 CA, OU=Certificaciones, O=ips Certification Authority, L
    =MADRID, S=MADRID, C=ES
    NotAfter : 02/07/2013 15:22:13
    NotBefore : 27/06/2011 15:22:13
    PublicKeySize : 2048
    RootCAType : Unknown
    SerialNumber : 10A8E3BBFA2DE210C590D8B8AB78D150668C41E8
    Services : None
    Status : Invalid
    Subject : CN=mail.theockendonacademy.com, OU=ICT, O=The Ockendon Academy, L=South Ockendon, S=Essex, C=GB
    Thumbprint : 06E0D7CFE246DC6FD05491F1A9270B5424DC905E
    Last edited by pritchardavid; 28th June 2011 at 11:09 AM.

  8. #23

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. For what reason are you installing the Cert if youre using http and not https?
    2. If you got to mail.theockendonacademy.com can you login succesfully and use OWA?

  9. #24
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Sorry got you a bit confussed there, we are using https. We just dont use it on the root, so when you type in mail.theockendonacademy.com it redirects you to https://mail.theockendonacademy.com/owa

    Ok have got a bit further now, noticed that the ipsCA LEVEL 1 CA was missing from 'Intermediciate cert authorities' store, sure I have checked this before the the mmc addon.

    New info from cert.txt



    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule}
    CertificateDomains : {mail.theockendonacademy.com}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : E=ipscalevel1@ipsca.com, CN=ipsCA Level 1 CA, OU=Certificaciones, O=ips Certification Authority, L
    =MADRID, S=MADRID, C=ES
    NotAfter : 02/07/2013 15:22:13
    NotBefore : 27/06/2011 15:22:13
    PublicKeySize : 2048
    RootCAType : ThirdParty
    SerialNumber : 10A8E3BBFA2DE210C590D8B8AB78D150668C41E8
    Services : IIS
    Status : Valid
    Subject : CN=mail.theockendonacademy.com, OU=ICT, O=The Ockendon Academy, L=South Ockendon, S=Essex, C=GB
    Thumbprint : 06E0D7CFE246DC6FD05491F1A9270B5424DC905E


    But a problem still exists!

    Im getting 'this certificate cannot be verified up to a trusted certification authority' on the owa site when I click on the cerficate error

    Plus when I click to view the cerficate and click on the cerfication path, it does not have any cerficates expect mail.theockendonacademy.com. It's missing bothe the root and level 1 ipsca certs
    Last edited by pritchardavid; 28th June 2011 at 01:03 PM.

  10. #25

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Did you get a root certificate too when you cert was issues to you, the full path isnt avaliable, this is why youre getting the error. The root exisits in the browser but it seems liek you have a Intermediate?

  11. #26
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Yep got three certs to install in total

    SSL Certificate Authority low-cost, fully-validated 38$ SSL and 276$ Wildcard Certificates (Plus of course our one made for our server)


    The weird thing is, if I was to go to the owa site actually on the Mail Server it works fine with the Certs, its got the correct Cert path too

    It any other computer lol

    Believe they are installed in the correct location


    Under Cert mmc these are the ipsCA Certs I can see that are installed on the Mail Server



    Personal >>>> Certificates >>>> mail.theockedonacademy.com Cert Issued By ipsCA Level 1 CA

    Trusted Root Certification Authorities >>>> Certificates >>>> ipsCA Global CA Root Cert Issued By ipsCA Global CA Root

    Intermediate Certification Authorities >>>> Certificates >>>> ipsCA Level 1 CA Issued By ipsCA Global CA Root

    Third-Party Root Certification Authorities >>>> Certificates >>>> ipsCA Global CA Root Issued By ipsCA Root

  12. #27

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    perform a iisrest on the exch server

  13. #28
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    I did restart the whole iis service before, would have tried a reboot now, but the remote server id down

  14. #29
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    All Sorted!

    Just a reboot of the server resolved this!

  15. #30

    Join Date
    Mar 2011
    Posts
    187
    Thank Post
    4
    Thanked 20 Times in 16 Posts
    Rep Power
    10
    Just sorted out a IPSCA cert for our exchange server yesterday. No problems at all. Shame Firefox still don't support the certs though.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. ipsCA Global CA Root
    By KK20 in forum Windows
    Replies: 40
    Last Post: 16th June 2011, 11:18 PM
  2. Exchange ssl cert up for renewal.. who to use?
    By RabbieBurns in forum Internet Related/Filtering/Firewall
    Replies: 29
    Last Post: 9th March 2011, 09:54 AM
  3. SSL for Exchange 2007
    By chazzy2501 in forum Windows Server 2000/2003
    Replies: 1
    Last Post: 26th January 2010, 04:17 PM
  4. Exchange 2007 & SSL hell!
    By jdibsdale in forum Windows
    Replies: 2
    Last Post: 29th October 2009, 01:07 PM
  5. SSL Certificates for Exchange 2007
    By jdibsdale in forum Windows
    Replies: 14
    Last Post: 29th May 2009, 06:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •