Thanks Ken, so as long as I use the cert manager rather than IIS we should be golden. I'll get on it Monday AM.

Graeme

On Saturday, 30 June 2012, ken schaefer wrote:

> Hi,
>
> The old, working cert already has a private key in the cert store. You can
> keep using that whilst you generate a new cert request, and submit it.
>
> When you get your new cert back, import it into the cert store, and then
> switch over to using it.
>
> You can see what's happening by using the certificates MMC, alongside the
> IIS Wizard. All the IIS wizard does is manipulate the Windows cert store.
> If you cancel the request in IIS, it deletes the entry under Pending
> Requests in the Certificates MMC, and you lose the private key.
>
> Sent from my Windows Phone
> ------------------------------
> From: Graeme Carstairs
> Sent: 30/6/2012 3:13 PM
> To: NT System Admin Issues
> Subject: Re: Weird SSL issues on existing IIS6 WSS 3 site
>
> Hi Ken,
>
> I replied that the SSL Diagnostic showed that the Verisign certs had no
> private key, as did the internal corp CA issued one,
> and that I believed this was because we were breaking the CCR request due
> to trying to keep the site running by generating the CCR and then reapplying
> the old cert.
>
> Next step is to arrange a time with corporate to take the cert off,
> generate CCR and leave the site down until I can get the new cert and
> finish the request process.
>
> Graeme
>
> On Saturday, 30 June 2012, Ken Schaefer wrote:
>
> “We tried the SSL Diagnositcs (sic)”
>
> And the result was?
>
> when you use IIS to generate a CCR, if you cancel the request on the IIS
> server after the CCR has been sent to the registrar so you can install a
> certificate just to get the site back working, does that invalidate the CCR
> generated certs?
>
> If you do this, you lose the matching private key – your newly received
> certificate will not work
>
> FYI the internal CA ones cant validate the DNS domain that the site is
> accessed on.
>
> This doesn’t even make sense. Can you think of a different way of
> explaining this? Or posting the actual configuration you are using and
> error(s) that you are seeing?
>
> As requested before, did you look in the Windows Event Logs and the
> httperr.log files?
>
> Cheers
>
> Ken
>
> *From:* Graeme Carstairs [mailto:[email protected]]
> *Sent:* Saturday, 30 June 2012 5:28 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Weird SSL issues on existing IIS6 WSS 3 site
>
> Hi We tried the SSL Diagnositcs.
>
> The Verisign ones have no private key, so I have passed back to corporate
> to resolve this issue, along with a new CCR
>
> I have a question
>
> when you use IIS to generate a CCR, if you cancel the request on the IIS
> server after the CCR has been sent to the registrar so you can install a
> certificate just to get the site back working, does that invalidate the CCR
> generated certs?
>
> FYI the internal CA ones can't validate the DNS domain that the site is
> accessed on.
>
> Thanks guys
>
> hopefully the Cert guy at corporate can resolve this.
>
> graeme
>
> On 29 June 2012 15:07, Brian Hintz <[email protected]> wrote:
>
> Check
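A way to check for the failure discussed in the thread above before installing a reissued certificate, as an added example that is not part of the original messages. It assumes PowerShell is available on the web server, that the CA's reply was saved to the hypothetical path `C:\temp\newcert.cer`, and that pending requests are held in the `LocalMachine\REQUEST` store as placeholder entries carrying the requested public key.

```powershell
# Added example (not from the thread). Run elevated on the web server.
# Assumption: the CA's reply was saved to the hypothetical path below.
$newCertPath = 'C:\temp\newcert.cer'

# 1. Installed machine certificates: which ones still have a private key?
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# 2. Pending requests. This is the store the IIS wizard manipulates;
#    cancelling a request removes its entry and the private key with it.
$pending = @(Get-ChildItem Cert:\LocalMachine\REQUEST)
"{0} pending request(s) in LocalMachine\REQUEST" -f $pending.Count

# 3. Does the certificate returned by the CA match a key we still hold?
$new = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $newCertPath
$newKey = $new.GetPublicKeyString()

# Compare the public key in the new cert with each pending request entry.
$match = @($pending | Where-Object { $_.GetPublicKeyString() -eq $newKey })

if ($match.Count -gt 0) {
    "OK: a pending request matches '{0}'; completing it will pair the new cert with its private key." -f $new.Subject
} else {
    "WARNING: no pending request matches '{0}'. Installing it yields a cert with no private key; generate a new request." -f $new.Subject
}
```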
