Re: Request certificate wizard:What am I doing wrong ? Verisign certificate - Win2003

From: Marlon Brown (marlon_brown_at_hotmail.com)
Date: 02/02/05 

Date: Wed, 2 Feb 2005 07:38:57 -0800

The problem is that I don't have the cert yet.
I am trying to generate the cert. If I understand correctly, first I need to
generate a .csr, then submit the .csr file to Verisign to in order for
Verisign to process the request and send it back to me.

When I attempt to generate the CSR on the Win2003 server, I get the message
described below.

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uwXhz5QCFHA.3688@TK2MSFTNGP14.phx.gbl...
> a) Go back to the machine that you generated the CSR, use IIS MMC - to
> install the cert
> b) Open cert mmc, try to export the cert out (including private key), then
> import at the other NLB host
> similar steps, refer
> HOW TO: Back Up a Server Certificate in Internet Information Services 5.0
> http://support.microsoft.com/?id=232136
> How to Import a Server Certificate for Use in Internet Information
Services
> 5.0
> http://support.microsoft.com/?id=232137
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
> news:OTw5JiMCFHA.1408@TK2MSFTNGP10.phx.gbl...
> >I need to install SSL certificates for my OWA1 and OWA2 servers, that
will
> >be configured as NLB.
> > As far as I know, I understand that I need to generate a .CSR from both
> > WIn2003 boxes and submit them to Verisign.
> >
> > If the above procedure is correct, I go to the Windows 2003 and when I
> > click the "Certificates" mmc snap-in, under "Personal" and select
"Request
> > New Certificate" the message appears:
> >
> > The wizard cannot be started because of one or more of the following
> > conditions:
> > - There are no trusted CA's available
> > - You do not have the permissions to request certificates from the
> > available CAs
> > - The available CAs issue certificate for which you do not have
> > permissions
> >
> > What am I doing wrong ? I am logged on as an domain admin, box is joined
> > to domain accordingly. Win2003 Ent.
> >
> >
> >
>
>

Relevant Pages

  • Re: SBS 2003 R2 + UCC Certicifate Woes
    ... If you create a CSR with only one CN and then have the certificate created with SANs that the CSR did not contain then you get a mismatch because the certificate provider doesn't actually have your private key, they only have your CSR...which is derived from your key and the data you provide. ... this isn't an IIS or even Windows limitation. ... using the Certificates MMC snap-in and replaced the cert used by the ...
    (microsoft.public.windows.server.sbs)
  • Re: Im concerned that Ive done something stupid
    ... certificate, which is only a single file, how do I configure sendmail ... The key never left your machine, only the CSR did. ... cert you got back was Verisign's signature ontop of that specific key. ...
    (comp.security.unix)
  • Re: How to transfer SSL Cert from NT4 server to w2k server?
    ... you can generate the CSR. ... > I have a windows NT 4.0 web server with a thawte SSL cert that I need to ... > SSL cert from the nt4 box is to export a backup file in the key manager. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Replacing an SSL cert for OWA
    ... If you need to generate the CSR, you could do this on another IIS node, ... ensuring the cert is marked as exportable. ...
    (microsoft.public.exchange.admin)
  • Re: OpenSSL Certificate Creation
    ... snapshot of openssl which seems to support generation of public client ... >>>that the cert is required to connect to he server. ... >> echo Mail Server Certificate: ...
    (comp.os.linux.security)