Re: Help!? New Certificate Doesn't Work

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/01/02 

From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Thu, 31 Oct 2002 21:28:52 -0500

"Dan Geiser" <dgeiser13@hotmail.com> wrote in message
news:uDmuYRTgCHA.2700@tkmsftngp09...
> Hello, All,
> I work for a small web hosting provider. A customer of ours just
registered
> a new 2-year 128 bit SSL certificate through VeriSign and I can't get it
to
> work. The machine in question is running Windows 2000 Server with IIS 5.
I
> installed the certificate in the same manner that I've installed others
and
> that seemed to go fine. The non-secure web site loads just fine,
> http://www.osusait.com/. But when I put in https://www.osusait.com/ the
> browser gives me errors. I've tried it with other browsers as well and
none
> of them work.
>
> I've worked my way through the different items on the error page to see if
> that helps but it doesn't do the trick.
>
> Can anyone help me with this issue? What are my options if an SSL
> Certificate doesn't work?

Have you checked out www.iisfaq.com/ssl? You might try using NETSTAT -AN
and the ADSUTIL.VBS to see which web site is bound to TCP port 443, if any.
I think sometimes the default web site remains bound to 443 so that a new
web site you create can't bind to 443. The tool WFETCH.EXE from
www.microsoft.com/support and www.microsoft.com/download lets you see the
connection.

Personally I would consider returning the Verisign cert for a refund and
purchase one from www.Entrust.net Entrust is owned by Verisign, but the
certs are like a third of the price, around $120 / year. We use them and
haven't had problems with any browsers that we know of not accepting the
cert.

Relevant Pages

  • eliminating the offsite.. rpc over http outlook anywhere.. autodiscover.domain.com warning message i
    ... certificate that doesnt support multiple names or SAN... ... You could look to purchase an SSL certificate that supports the ... web site at some point in the future). ... When you refresh the configuration in Exchange Management Console, ...
    (microsoft.public.exchange.admin)
  • Re: Primary key backup
    ... Anywhere, now make sure you have no cert now, since the ... > I am getting a reissue from my vendor, as I was not able to deploy the> certificate which I got from them ... > here are the details of my scenario> I have a web site running with an SSL certificate ... > -I used the certificate wizard on the new web site by giving the actual> details and generated a CSR. ...
    (microsoft.public.inetserver.iis.security)
  • Re: How can I act as a Certificate Authority (CA) with openssl ??
    ... then putting that on a web site. ... > paying for a certificate is that it might be simpler for you. ... The browser maker and cert orgs like this since ...
    (sci.crypt)
  • Re: How can I act as a Certificate Authority (CA) with openssl ??
    ... then putting that on a web site. ... > paying for a certificate is that it might be simpler for you. ... The browser maker and cert orgs like this since ...
    (comp.security.unix)
  • Re: LDAPS on 2k3
    ... Are there any errors in the DC machine's event log related to not being able to use or find an appropriate SSL certificate? ... Cert WITH private key not installed in local computer store personal container ... Missing server auth EKU ...
    (microsoft.public.windows.server.active_directory)