Re: Problem processing SSL certificate response.



On Nov 22, 12:01 pm, Tyrven <Tyr...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
David,

"Download SSL Diagnostics 1.1 from Microsoft.com and use it to diagnose
and resolve your issue(s) with SSL."

I know why SSL isn't working: there isn't a private key.  What I don't know
is WHY the private key isn't being generated by the "Process pending request"
option.

Note that I am able to work around this by requesting/processing a request
on a separate machine (my local Vista workstation, for example), then
transferring the generated PFX into the certificate store on the IIS machine.
I can still use the Certificate Authority on the IIS machine to issue a
self-signed certificate.  The issue is exclusively with the ability of IIS to
process a certificate response.

It is not clear to me whether you are saying:
1. It is not possible to use IIS to Request/Process a certificate
request to enable SSL on a website.
2. OR it used to work on this IIS server but not any more.

Both statements are true.  The Request/Process wizard works fine (no errors)
but the result is an "orphaned" public key (no private key generated).  This
process worked up to six months ago (roughly); keys generated via IIS before
that are functional (but many are expiring); keys generated (either new or
renewed) are orphaned.

It is also not clear to me whether you installed the SSL Certificate
in the LocalMachine's Personal store or not, nor if you installed the
SSL Certificate with or without "export" capability.

When using the Request/Process wizard, these are not options.  The SSL
Certificate is automatically imported into the Local Machine ("My Computer")
Personal store with export capability.  I could manually import the
certificate response from the Certificate Authority - but that wouldn't result
in processing a private key.

Hope this helps clarify the issue.

Tyrven



Then, it looks like you should contact Microsoft PSS and open a
support case to determine the underlying issue in your situation.

You say that it worked before but not now, and you are confident that
you are doing the same actions as before that should work, and you
want to know why. Those requirements pretty much mean that you should
contact Microsoft PSS to open a support case because you believe a bug
was introduced.

I usually assign SSL Certificates in IIS in the way that you say still
works -- I never bother with the IIS Wizard to create/process requests
because I always keep track of the PFX certificate and explicitly
install the certificate on the server(s) of my choice with the options
of my choice. Going through the wizard is opposite of what I want,
especially when dealing with multiple servers in a farm.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
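
The symptom discussed in this thread (a certificate in the Local Machine Personal store with no private key attached) can be audited with a short script. This is an added example, not code from either poster or from Microsoft; the `$WarnDays` threshold and the status labels are assumptions made for illustration.

```powershell
# Added example: list every certificate in the Local Machine "Personal" store
# and flag those that cannot be used for SSL because no private key is
# associated with them ("orphaned"), plus those that are expired or expiring.
# $WarnDays is an assumed threshold, not a value taken from the thread.
param([int]$WarnDays = 30)

$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

    # An orphaned certificate is reported first: renewing or rebinding it
    # will not help until the matching private key exists on this machine.
    if (-not $_.HasPrivateKey) {
        $status = 'Orphaned (no private key)'
    } elseif ($daysLeft -lt 0) {
        $status = 'Expired'
    } elseif ($daysLeft -le $WarnDays) {
        $status = 'Expiring soon'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Status     = $status
        DaysLeft   = $daysLeft
        NotAfter   = $_.NotAfter
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
    }
} | Sort-Object Status, DaysLeft | Format-Table -AutoSize
```

A certificate imported from a PFX that includes its key shows `HasPrivateKey` as true; a bare CA response installed without the key generated for the original request shows as orphaned.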