Ok sorry Thanks

Certs have never been my big thing, always something that either just worked or someone else did.

Thanks for your help, I'll give it a try Monday,

Graeme

On Saturday, 30 June 2012, Ken Schaefer wrote:

> Hi,
>
> That’s not what I’m saying.
>
> What I’m saying is:
>
> a) If you delete the Pending Request (from either Certificates MMC or
> using the IIS Wizard), then you lose the private key, and you can’t
> import the certificate you get from Verisign and have it work. Instead,
> you’ll only have the public key (in the cert), which isn’t enough for IIS
> to be able to use the cert.
>
> b) You can use the old (expired) certificate on the website, whilst
> generating a new Cert Request. When the cert comes from Verisign, import
> it using the IIS Wizard, and switch over to using the new cert. There is
> no need to “down” the website, whilst this is all happening.
>
> The alternative is to generate the cert request, and import, using the
> Certificates MMC only. After you have imported the new cert, then tell IIS
> to use the new cert.
>
> Provided that your users are able to get past the fact that the old
> certificate has expired, you can continue using it whilst the renewal is
> being handled.
>
> Cheers
>
> Ken
>
> From: Graeme Carstairs [mailto:[email protected]]
> Sent: Saturday, 30 June 2012 5:59 PM
> To: NT System Admin Issues
> Subject: Re: Weird SSL issues on existing IIS6 WSS 3 site
>
> Thanks Ken
>
> so as long as I use the cert manager rather than IIS we should be golden.
>
> I'll get on it Monday AM
>
> Graeme
>
> On Saturday, 30 June 2012, ken schaefer wrote:
>
> Hi,
>
> The old, working cert already has a private key in the cert store. You can
> keep using that whilst you generate a new cert request, and submit it.
>
> When you get your new cert back, import it into the cert store, and then
> switch over to using it.
>
> You can see what's happening by using the certificates MMC, alongside the
> IIS Wizard. All the IIS wizard does is manipulate the Windows cert store.
> If you cancel the request in IIS, it deletes the entry under Pending
> Requests in the Certificates MMC, and you lose the private key.
>
> Sent from my Windows Phone
> ------------------------------
>
> From: Graeme Carstairs
> Sent: 30/6/2012 3:13 PM
> To: NT System Admin Issues
> Subject: Re: Weird SSL issues on existing IIS6 WSS 3 site
>
> Hi Ken,
>
> I replied that the SSL Diagnostic showed that the Verisign certs had no
> private key, as did the internal corp CA issued one.
>
> and that I believed this was because we were breaking the CCR request due
> to trying to keep the site running by generating the CCR and then
> reapplying the old cert.
>
> Next step is to arrange a time with corporate to take the cert off,
> generate CCR and leave the site down until I can get the new cert and
> finish the request process.
>
> Graeme
>
> On Saturday, 30 June 2012, Ken Schaefer wrote:
>
> “We tried the SSL Diagnositcs (sic)”
>
> And the result was?
>
> when you use IIS to generate a CCR, if you cancel the request on the IIS
> server after the CCR has been sent to the registrar so you can install a
> certificate just to get the site back working, does that invalidate the CCR
> generated certs?
>
> If you do this, you lose the matching private key – your newly received
> certificate will not work
>
> FYI the internal CA ones can't validate the DNS domain that the site is
> accessed on.
>
> This doesn’t even make sense. Can you think of a different way of
> explaining this? Or posting the actual configuration you are using and
> error(s) that you are seeing?
>
> As requested before, did you look in the Windows Event Logs and the
> httperr.log files?
>
> Cheers
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin

--
Good news everyone, you have just received an e-mail from me!
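
Point (a) in the thread above can be checked before importing the CA's reply. The following PowerShell function is an added example, not part of the original thread: it compares the public key of the returned certificate file with the entries in the LocalMachine REQUEST (pending requests) and My (Personal) stores and reports whether a matching private key is still on the server. The function name and the path in the usage comment are hypothetical, and it assumes PowerShell 2.0 or later is installed and run elevated on the web server.

```powershell
# Added example (not from the thread). Function name is hypothetical.
function Test-IssuedCertHasKey {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CerPath   # certificate file returned by the CA (caller-supplied)
    )

    # Load the issued certificate; a .cer file carries the public key only.
    $file   = (Resolve-Path $CerPath).Path
    $issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $issuedKey = $issued.GetPublicKeyString()

    # REQUEST = "Certificate Enrollment Requests" (where a pending request lives),
    # My      = "Personal" (where installed certificates live).
    $found = foreach ($store in 'REQUEST', 'My') {
        Get-ChildItem "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
            Where-Object { $_.GetPublicKeyString() -eq $issuedKey } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Store         = $store
                    Subject       = $_.Subject
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    Thumbprint    = $_.Thumbprint
                }
            }
    }
    $found = @($found)

    # No entry with a private key for this public key means the pending
    # request was deleted (or was generated on another machine): importing
    # the certificate would give a cert that IIS cannot use.
    $usable = @($found | Where-Object { $_.HasPrivateKey })
    if ($usable.Count -eq 0) {
        Write-Warning ("No private key on this server matches '{0}'. " -f $issued.Subject +
                       "Generate a new request and have the certificate re-issued.")
    }

    $found
}

# Usage (placeholder path):
# Test-IssuedCertHasKey -CerPath 'C:\path\to\issued.cer' | Format-Table -AutoSize
```

A row with Store REQUEST and HasPrivateKey True means the pending request is intact and the reply can be completed against it; the old certificate in My can stay bound to the site until then.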
