Ok so I need to take the site offline, generate a CCR and wait on corporate to
generate the cert.

I meant that the cert generated by internal CA was no use as internal
domain is company.com and the site is on portal.oldcompany.com

Cheers

Graeme



On Friday, 29 June 2012, Steve Kradel wrote:

> Did you check the Application and System event logs?  There may be
> some complaints in there from Schannel.
>
> Cancelling a certificate request disappears the private key; the only
> place the private key lives is the local machine at that point, and
> the certificate request is just a process for getting the public key /
> certificate notarized.  A CSR does not contain any of the private key
> data.
>
> I'm having some trouble parsing the statement "the internal CA ones
> cant validate the DNS domain that the site is accessed on".  CAs don't
> generally validate nothin'.
>
> --Steve
>
> On Fri, Jun 29, 2012 at 3:28 PM, Graeme Carstairs <[email protected]> wrote:
> > Hi We tried the SSL Diagnostics.
> >
> > The Verisign ones have no private key, so I have passed back to corporate
> > to resolve this issue, along with a new CCR
> >
> > I have a question
> >
> > when you use IIS to generate a CCR, if you cancel the request on the IIS
> > server after the CCR has been sent to the registrar so you can install a
> > certificate just to get the site back working, does that invalidate the
> > CCR generated certs?
> >
> > FYI the internal CA ones can't validate the DNS domain that the site is
> > accessed on.
> >
> > Thanks guys
> >
> > hopefully the Cert guy at corporate can resolve this.
> >
> > graeme
> >
> >
> >
> >
> > On 29 June 2012 15:07, Brian Hintz <[email protected]> wrote:
> >>
> >> Check out the SSL Diagnostics tools from MS:
> >>
> >> 32-bit – http://www.microsoft.com/download/en/details.aspx?id=674
> >> 64bit – http://www.microsoft.com/download/en/confirmation.aspx?id=5329
> >>
> >>
> >>
> >> On Fri, Jun 29, 2012 at 5:44 AM, Graeme Carstairs <[email protected]> wrote:
> >>>
> >>> Hi There,
> >>>
> >>> One of our customers had a public facing WSS 3 site secured with a Go
> >>> Daddy SSL.
> >>>
> >>> they were bought over by another company and since then the WSS has no
> >>> longer been public facing but is still entirely SSL.
> >>>
> >>> The SSL has been expired for 2 months now as we are going through parent
> >>> company process of getting a new SSL issued.
> >>>
> >>> They initially issued us with one of the Enterprise CA, then a $150
> >>> Verisign one and we have now been issued a $600 Verisign one.
> >>>
> >>> The problem is
> >>>
> >>> Import the certificate via Certificates MMC, it checks out and can be
> >>> viewed as a valid cert. and assign to the website in IIS.
> >>>
> >>>
> >>> Immediately the site stops working,
> >>>
> >>> IE shows a Could not display the page error (no number) Chrome gives a
> >>> 107 SSL protocol Error.
> >>>
> >>> Using fiddler to monitor the traffic flow, and it's a 107 error it shows
> >>> as the only response.
> >>>
> >>> Replace the new cert with the old expired one and straight away the
> >>> site's working (with cert expired error) but still working.
> >>>
> >>> Anyone got any suggestions as to what may be causing this.
> >>>
> >>> Thanks
> >>>
> >>> graeme
> >>>
> >>>

-- 
Good news everyone, you have just received an e-mail from me!
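
Added example, not part of the original thread: a PowerShell check of the two certificate problems discussed above (a certificate imported without its private key, and a certificate issued for a different DNS name than the one the site is accessed on). It assumes PowerShell 3.0 or later for the DnsNameList property; $SiteHost is a placeholder taken from the thread.

```powershell
# Added example, not from the thread. Run elevated on the IIS server.
# $SiteHost is the name clients browse to (placeholder taken from the thread).
$SiteHost = 'portal.oldcompany.com'

function Test-CertName {
    param([string]$Pattern, [string]$HostName)
    if ($Pattern.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label.
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $Pattern.Substring(1))
    }
    return ($Pattern -ieq $HostName)
}

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # DnsNameList (PowerShell 3.0+) holds the DNS names the certificate carries.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })
    $nameOk = [bool]($names | Where-Object { Test-CertName $_ $SiteHost })

    $problems = @()
    # Without the private key Schannel cannot complete a handshake, even though
    # the certificate itself displays as valid in the Certificates MMC.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key on this machine' }
    if (-not $nameOk)             { $problems += "not issued for $SiteHost" }
    if ($cert.NotAfter -lt $now)  { $problems += 'expired' }
    if ($cert.NotBefore -gt $now) { $problems += 'not yet valid' }

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        DnsNames      = $names -join ', '
        Problems      = if ($problems) { $problems -join '; ' } else { 'none' }
    }
} | Format-List Thumbprint, Subject, NotAfter, HasPrivateKey, DnsNames, Problems
```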
