Hi Team! All! I'm just googled to death and need help on this one.
Server 2003, Exchange 2003, latest patches... all of them.

Last year I generated cert requests with

    certutil -new myserver.inf myservers.req

When generating the certificate I use extendedKeyUsage = 1.3.6.1.5.5.7.3.1 for Server authentication. On importing the certificate everything worked fine.

Fast forward to July 2006, and I had a couple of Windows 2003 servers that needed certs. While following the process I had set up from last year, I had trouble and found out that I can't use the -new flag with certutil.exe. I tried a few suggestions from Google research; some variants for generating a request while leaving the private key in the key store actually worked to make the request. But once again I had trouble after importing certificates. The Windows certificate manager would show the certificate as being accepted and good. But on closer inspection I saw that Windows could not find the private key to match the certificate. This led me to believe some sort of key indexing was going on, though I have no idea how. I decided to create the key, req and cert, then package key and cert in a PKCS12/pfx file. This time certificate manager shows the certificate as good and matching. On testing SLDAP everything worked fine.

Fast forward to the present. None of the procedures I listed above will work. Cert manager shows the certificate as good and matching but I cannot get a connection to imaps 993 or pops 593. If I overwrite the certutil from the adminpack 1 I can use the -new flag but the certificate shows an un-matching private key message.
When using openssl s_client -debug -connect I get the following:

    read from 0x9d62d98 [0x9d68340] (7 bytes => 0 (0x0))
    25945:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

The only thing that appears in Event Viewer is the following:

    IMAP4SVC: Event ID: 1055
    The server certificate for instance '1' could not be retrieved because it could not be found in a certificate store; the error encountered was '0x80092004'

I'm still researching the meaning of this message but I think it's pretty clear something is going on with the way the private key is being handled. If anyone has another procedure that works for them I would very much appreciate knowing about it!

cheers!

If you want to know who "THE MAN" is and why he's holding us down, I have two words for you: "Windows" and "Proprietary".

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
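The key, request, certificate and PKCS12 steps described in the post above, with a check that the certificate and the private key belong together both before packaging and after re-opening the .pfx. This is an added example, not part of the original post; the host name, file names, password and the self-signing step standing in for the CA are assumptions.

```shell
#!/bin/sh
# Added example; host name, file names and password are constructed.

# Print the PEM public key carried by a certificate or a private key.
pubkey_of() {   # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# Succeed only when the certificate's public key is the private key's pair.
cert_matches_key() {   # $1 = cert PEM, $2 = key PEM
    c=$(pubkey_of cert "$1"); k=$(pubkey_of key "$2")
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Create key, request and certificate in directory $1, then bundle a .pfx.
build_pfx() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = mail.example.test
[ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$d/server.key" -config "$d/req.cnf" \
        -out "$d/server.req" || return 1
    # Assumption: self-signing stands in for the CA that would sign the request.
    openssl x509 -req -in "$d/server.req" -signkey "$d/server.key" -days 30 \
        -extfile "$d/req.cnf" -extensions ext -out "$d/server.crt" 2>/dev/null || return 1
    # Refuse to package a certificate that does not belong to this key.
    cert_matches_key "$d/server.crt" "$d/server.key" || return 1
    openssl pkcs12 -export -inkey "$d/server.key" -in "$d/server.crt" \
        -name mail.example.test -passout pass:constructed -out "$d/server.pfx"
}

# Re-open a .pfx and confirm the key inside matches the certificate inside.
pfx_is_consistent() {   # $1 = pfx, $2 = password, $3 = scratch directory
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -nocerts -out "$3/p.key" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts -out "$3/p.crt" 2>/dev/null &&
    cert_matches_key "$3/p.crt" "$3/p.key"
}
```

Run `build_pfx` against a scratch directory, then `pfx_is_consistent` on the resulting file; a failure at either point means the bundle does not carry the key that matches its certificate.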