That is why I ALWAYS, make a backup of both the CSR and the CERT in the seperate directory together, with the date as part of the name of the directory. I had a similar problem, but it was my fault, as I had 3 different certs to install, and lost 1, and did not know which 2 the others worked for :( Big mess, took me about 10 hours to get it all straight, ever since, I make SURE I back them up. Plus, that helps if you have to change servers, you have them there to reinstall them, I've change one of the certs servers 3 or 4 times, always a snap, since I know have them backed up.
Just my 2 cents, so I put a low priority on it :o), for those of you who's eMail client supports eMail priorities Richard. ----- Original Message ----- From: "David Delbridge" <[EMAIL PROTECTED]> To: "Kim Phelan" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, November 21, 2002 12:50 PM Subject: Re: QuickSSL: Minor Bugs > Hi Kim, > > Thank you for the prompt response and for your assistance. Tony of > GeoTrust support has done an excellent job of remedying our situation. > > In panic, I fired multiple torpedoes at all available support channels, > including this discussion list. The first response came from GeoTrust > e-mail (which arrived about the same time as your list response) -- > pretty quickly. Tony had me repurchase a new QuickSSL cert on the > GeoTrust site, providing a new CSR, and then send a request to him for > refund of the original cert. To expedite processing, I followed his > instructions but, being that the original purchase came through OpenSRS, > I had to request that the new purchase be refunded instead. It's kinda > messy, eh? Before I had finished, Tony called; whether or not in > response to your influence, I don't know. He authorized and processed > my cert while we spoke on the phone and the new one works great. BAM! > > I'm not sure how the original cert got botched, but it probably has to > do with my first generating a replacement CSR, then deleting and > generating a fresh CSR. Somehow, the CSRs probably got mixed up. I can > only guess. Nonetheless, having been through this process and aware of > the bumps, I'm sure that my next request will go through easily. > > Thanks again. My hosting customer is back in business and I am pleased > with GeoTrust's support response -- not the "next business day" response > I had feared would cost me a valuable customer. > > Dave > > Kim Phelan wrote: > > > > *hrm*. The *Begin new* fix is being promoted Tuesday but > > I am assured by Geotrust, that whether the "new" is in the CSR > > or not makes no difference to the generation of the Cert. > > > > I've just spoken to Geotrust, and they're going to call you to deal > > with the cert. > > > > Kim Phelan > > > > -----Original Message----- > > From: David Delbridge [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, November 21, 2002 12:45 PM > > To: Kim Phelan > > Cc: [EMAIL PROTECTED] > > Subject: Re: QuickSSL: Minor Bugs > > Importance: High > > > > Thank you for the replies. > > > > Unfortunately, the cert has been issued and it WILL NOT INSTALL. > > GeoTrust's support telephone number will not allow you to hold for > > more > > than five minutes or so and booted me out with only the option to > > leave > > a message that "will be returned within the following business day." > > I > > am in DEEP doo-doo with this customer. > > > > When the site's renewal CSR was refused (because of the aforementioned > > "BEGIN NEW" issue), I presumed that a new CSR had to be generated, and > > we removed the old one and restarted. Doh! Now, we have no working > > cert and no new cert to install. If I revert, the new request will be > > abandoned. > > > > Any ideas, folks? > > > > Dave > > > > Kim Phelan wrote: > > > > > > Thanks for all the questions Dave, my responses: > > > > > > 1- Begin New vs Begin Certificate Request- Yes, we caught that one, > > > the fix is underway. The interface will only check for *begin* and > > > *end* in the CSR. > > > > > > 2- Help Files- We will be promoting the link to help within the > > > interface in the next week. But until then, I would review the > > > documentation at the following link it will explain the new nuances: > > > > > http://resellers.tucows.com/opensrs/certificates/pdf/digitalcertguide. > > > pdf > > > > > > 3- Contacts for QuickSSL Certs- Actually QuickSSL authentication has > > > to do with the approver email (domain authenticated),which is > > > generated > > > from the whois on the domain, or generic contacts at that domain. > > > (specific details on this list is in the documentation above). > > > > > > The contacts are up to you, but you will not be actually approving > > the > > > order, that "domain authenticated" contact will. Feel free to put > > > yourself on the contact list. When it comes to True Biz ID, they > > are > > > looking to make sure that the organization on the order, whois org > > and > > > proof of organization are the same. > > > > > > 4- As for renewals, we are designing this now. Geotrust is not > > > sending renewal messages on behalf of resellers. They will be very > > > similar to domain renewals. You will be able to designate the > > > verbiage of the message, and who it will be sent to. Expect more > > > details to be released in early February (to be available in March > > 03) > > > > > > 5- Admin contact in public information-Actually it isnt! The Seal > > > (where the info is) contains the domain name only (if QuickSSL) or > > > the Organization only (if True Biz ID). The certs itself only has > > > the organization/domain listed. > > > > > > For examples of this take a look at: > > > www.geotrust.com (they have a true biz id seal) > > > and www.apartmenthardware.com (they have a quick ssl seal). > > > > > > Hope that helps. > > > > > > Kim Phelan > > > Product Manager > > > Tucows, Inc. > > > [EMAIL PROTECTED] > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of David Delbridge > > > Sent: Wednesday, November 20, 2002 10:02 PM > > > To: [EMAIL PROTECTED] > > > Subject: QuickSSL: Minor Bugs > > > > > > I hope this is the proper place to report SSL bugs. Please correct > > me > > > otherwise. > > > > > > Application for QuickSSL fails IIS5 CSR validation, requiring, > > > "-----BEGIN CERTIFICATE REQUEST-----". But, IIS5 certificates > > > actually > > > begin "-----BEGIN NEW CERTIFICATE REQUEST-----". I did manage to > > get > > > by > > > this by merely deleting "NEW" from start and end of CSR. > > > > > > Separately, help files will be greatly appreciated. I'm unclear on > > a > > > lot of things in this new system. I assume that most resellers will > > > place their own info in Tech and Billing contacts, but that the > > Admin > > > contact MUST be an employee of the company that owns the respective > > > domain name, right? If I supply the customer's billing contact > > info, > > > what renewal message will s/he receive and how do I edit it? I > > > presume > > > that the Admin's contact info will be published in the cert for > > public > > > viewing/verification? > > > > > > Thank you. > > > > > > Dave > > > > -- > > > > David M. Delbridge > > President & CEO > > Circa 3000 > > ColdFusion Hosting > > http://www.circa3k.com > > 775-832-2445 > > -- > > David M. Delbridge > President & CEO > Circa 3000 > ColdFusion Hosting > http://www.circa3k.com > 775-832-2445 > >
