Installing an existing GoDaddy SSL on another SBS box....

This is probably a dumb question; I'm pretty much an IIS moron. But I've got
a functional GoDaddy SSL cert installed and working on my own SBS box...and
I'm now moving that server to new hardware (well, technically, I'm
rebuilding it in a virtual server). It's a pretty vanilla install so far.
When I first ran the CEICW I just entered a bogus / placeholder self-signed
SSL cert - I now want to replace it with my real one so it's ready to go
when I do my cutover.

I installed the intermediate certificate properly, and then re-ran the CEICW
to install the main cert, thinking that would simply work, silly me! I got
an error that there was no pending request for the default website (there
wasn't, of course) so I prepared one. I did this by following the "official
SBS Blog" instructions, which are what I'd followed to order the cert in the
first place - I created a new website using the appropriate host.domain.com
name & got the certreq.txt generated.

The CEICW still wouldn't let me install the existing CRT file - same error.

I then tried removing the existing request from host.domain.com and running
the same request on the *default* website. Same error; no dice.

Abandoning the CEICW, I ran through the SBS blog instructions again &
recreated host.domain.com and prepared a new request. Then tried to go
through & assign the .crt file. That yielded "The pending request for this
response file was not found. This request my be canceled. You cannot install
selected response certificate using this Wizard"

I tried copying the certreq.txt from my existing server to the new one to
see if that made any difference - no dice.

When I've gotten third party certs before I've always created the
certreq.txt file on the server & run through it with the SSL cert provider
at ordering time - it's always worked fine that way. However, I've never
done anything like this after I've already *got* a valid certificate and
want to install it on a new box.

Q1: Do I have to go back to GoDaddy to get a new one issued for download,
just as though I'd never done this before?
Q2: Will that do anything bad to my existing, working SSL cert on the
as-of-yet production server?

I haven't run into this at a client site yet, but I'm sure it can and will
happen, and I'd like to know what the proper procedures are so I don't show
them what an IIS moron I am. Help!

Costas
Wed May 14 15:48:16 PDT 2008

The problem is that the certificate doesn't exist in the certificate store.

Run MMC and add the 'Certificates' snap-in for the 'Computer Account'.
Expand the 'Certificates' node, then 'Personal' and then 'Certificates'.
Right-click, select 'All Tasks', and 'Import'. Import the .crt file

Go to the web site in IIS Manager, 'Directory Security' tab, 'Server
Certificate' and then 'Assign an existing certificate'. Find the godaddy
certificate from the list.

See if that will do it.

--
Costas


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:%23Pai6ugtIHA.3804@TK2MSFTNGP02.phx.gbl...
> This is probably a dumb question; I'm pretty much an IIS moron. But I've
> got a functional GoDaddy SSL cert installed and working on my own SBS
> box...and I'm now moving that server to new hardware (well, technically,
> I'm rebuilding it in a virtual server). It's a pretty vanilla install so
> far. When I first ran the CEICW I just entered a bogus / placeholder
> self-signed SSL cert - I now want to replace it with my real one so it's
> ready to go when I do my cutover.
>
> I installed the intermediate certificate properly, and then re-ran the
> CEICW to install the main cert, thinking that would simply work, silly me!
> I got an error that there was no pending request for the default website
> (there wasn't, of course) so I prepared one. I did this by following the
> "official SBS Blog" instructions, which are what I'd followed to order the
> cert in the first place - I created a new website using the appropriate
> host.domain.com name & got the certreq.txt generated.
>
> The CEICW still wouldn't let me install the existing CRT file - same
> error.
>
> I then tried removing the existing request from host.domain.com and
> running the same request on the *default* website. Same error; no dice.
>
> Abandoning the CEICW, I ran through the SBS blog instructions again &
> recreated host.domain.com and prepared a new request. Then tried to go
> through & assign the .crt file. That yielded "The pending request for this
> response file was not found. This request my be canceled. You cannot
> install selected response certificate using this Wizard"
>
> I tried copying the certreq.txt from my existing server to the new one to
> see if that made any difference - no dice.
>
> When I've gotten third party certs before I've always created the
> certreq.txt file on the server & run through it with the SSL cert provider
> at ordering time - it's always worked fine that way. However, I've never
> done anything like this after I've already *got* a valid certificate and
> want to install it on a new box.
>
> Q1: Do I have to go back to GoDaddy to get a new one issued for download,
> just as though I'd never done this before?
> Q2: Will that do anything bad to my existing, working SSL cert on the
> as-of-yet production server?
>
> I haven't run into this at a client site yet, but I'm sure it can and will
> happen, and I'd like to know what the proper procedures are so I don't
> show them what an IIS moron I am. Help!
>
>

Lanwench
Thu May 15 16:51:06 PDT 2008

Costas <cpstechgroup@gmail.com> wrote:
> The problem is that the certificate doesn't exist in the certificate
> store.

Right. I had thought (assumed incorrectly) that the processes I was trying,
would *put* it there. ...

>
> Run MMC and add the 'Certificates' snap-in for the 'Computer Account'.
> Expand the 'Certificates' node, then 'Personal' and then
> 'Certificates'. Right-click, select 'All Tasks', and 'Import'. Import
> the .crt file

Ah....I hadn't done that.
>
> Go to the web site in IIS Manager, 'Directory Security' tab, 'Server
> Certificate' and then 'Assign an existing certificate'. Find the
> godaddy certificate from the list.
>
> See if that will do it.

I will - thanks, Costas.


>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:%23Pai6ugtIHA.3804@TK2MSFTNGP02.phx.gbl...
>> This is probably a dumb question; I'm pretty much an IIS moron. But
>> I've got a functional GoDaddy SSL cert installed and working on my
>> own SBS box...and I'm now moving that server to new hardware (well,
>> technically, I'm rebuilding it in a virtual server). It's a pretty
>> vanilla install so far. When I first ran the CEICW I just entered a
>> bogus / placeholder self-signed SSL cert - I now want to replace it
>> with my real one so it's ready to go when I do my cutover.
>>
>> I installed the intermediate certificate properly, and then re-ran
>> the CEICW to install the main cert, thinking that would simply work,
>> silly me! I got an error that there was no pending request for the
>> default website (there wasn't, of course) so I prepared one. I did
>> this by following the "official SBS Blog" instructions, which are
>> what I'd followed to order the cert in the first place - I created a
>> new website using the appropriate host.domain.com name & got the
>> certreq.txt generated. The CEICW still wouldn't let me install the
>> existing CRT file - same
>> error.
>>
>> I then tried removing the existing request from host.domain.com and
>> running the same request on the *default* website. Same error; no
>> dice. Abandoning the CEICW, I ran through the SBS blog instructions again
>> &
>> recreated host.domain.com and prepared a new request. Then tried to
>> go through & assign the .crt file. That yielded "The pending request
>> for this response file was not found. This request my be canceled.
>> You cannot install selected response certificate using this Wizard"
>>
>> I tried copying the certreq.txt from my existing server to the new
>> one to see if that made any difference - no dice.
>>
>> When I've gotten third party certs before I've always created the
>> certreq.txt file on the server & run through it with the SSL cert
>> provider at ordering time - it's always worked fine that way.
>> However, I've never done anything like this after I've already *got*
>> a valid certificate and want to install it on a new box.
>>
>> Q1: Do I have to go back to GoDaddy to get a new one issued for
>> download, just as though I'd never done this before?
>> Q2: Will that do anything bad to my existing, working SSL cert on the
>> as-of-yet production server?
>>
>> I haven't run into this at a client site yet, but I'm sure it can
>> and will happen, and I'd like to know what the proper procedures are
>> so I don't show them what an IIS moron I am. Help!

AllenM
Fri May 16 08:18:03 PDT 2008

LW,
I've been watching your post mainly because I was attempting to do the same
thing sort of. My goal was to use my godaddy ssl certificate for all my SSL
websites that include OWA, RWW, companyweb 2.0 and WSS 3.0 all on my SBS
2003 server. I had it all working without the godaddy certificate using the
self signed certificates created with SBS. All of this was done with the
help of Costas who I can't thank enough for getting me going on the right
track.
So I got the godaddy certificate and applied it to my WSS 3.0 website and it
wouldn't work mainly because the common name on the certificate was the same
common name as the self signed one I created in SBS. So here is what I did
to apply the godaddy certificate for all my ssl websites. hope this helps.

-I was able to browse /Exchange, /Remote, Sharepoint Companyweb on port 444
and WSS3.0 Team Site on port 5050 externally using a self signed
certificate.



-Went into IIS and created a temporary web site by the name "FQDN/common
name" and gave the host header as "FQDN/common name".



-Went into the properties of the web site "FQDN/common name" in IIS /
Directory Security TAB/ Server certificate.



-Ran through the Server Certificate wizard and requested for a new
certificate by the name "FQDN/common name" and saved the certificate request
in the location C:\Certreq3.txt



-ISA I had a Web publishing rule created for WSS 3.0 Team Site and was using
a custom web listener named WSS3.0 Web Listener.



-The WSS3.0 Web listener was listening on port 5050 for SSL.



-Made the WSS 3.0 Web Publishing rule to listen on SBS Web listener and
deleted that custom WSS3.0 Web listener.



-Applied the changes in ISA.



-Browsed to the GoDaddy website and Re-Keyed the certificate by entering the
information from the Certreq3.txt file and generated a new certificate by
the name "FQDN/common name" and

downloaded the two files with extensions .p7b and .crt saved to the server.




-Ran the CEICW wizard and enabled the firewall configuration and on the Web
Server Certificate screen and selected the option

>>USE A WEB SERVER CERTIFICATE FROM A TRUSTED AUTHORITY.



-Browsed to the location where I had downloaded and saved the certificate
and selected the certificate with extension .crt.



-Ran through the CEICW wizard and it completed successfully.



-Went into ISA and created a new custom web listener by the name WSS3.0 Web
Listener and made it to listen on 5050 SSL.



-I added the new godaddy certificate "FQDN/common name" to the WSS3.0 Web
Listener.



-Also made the WSS 3.0 Web Publishing rule to listen on WSS3.0 Web Listener
that I had created.



-Applied the changes in ISA.



-I can now browse /Exchange, /Remote, Sharepoint Companyweb 444 and WSS3.0
Team Site 5050 externally and internally and they all worked. No certificate
errors.




"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:%2398CTautIHA.3716@TK2MSFTNGP05.phx.gbl...
> Costas <cpstechgroup@gmail.com> wrote:
>> The problem is that the certificate doesn't exist in the certificate
>> store.
>
> Right. I had thought (assumed incorrectly) that the processes I was
> trying, would *put* it there. ...
>
>>
>> Run MMC and add the 'Certificates' snap-in for the 'Computer Account'.
>> Expand the 'Certificates' node, then 'Personal' and then
>> 'Certificates'. Right-click, select 'All Tasks', and 'Import'. Import
>> the .crt file
>
> Ah....I hadn't done that.
>>
>> Go to the web site in IIS Manager, 'Directory Security' tab, 'Server
>> Certificate' and then 'Assign an existing certificate'. Find the
>> godaddy certificate from the list.
>>
>> See if that will do it.
>
> I will - thanks, Costas.
>
>
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:%23Pai6ugtIHA.3804@TK2MSFTNGP02.phx.gbl...
>>> This is probably a dumb question; I'm pretty much an IIS moron. But
>>> I've got a functional GoDaddy SSL cert installed and working on my
>>> own SBS box...and I'm now moving that server to new hardware (well,
>>> technically, I'm rebuilding it in a virtual server). It's a pretty
>>> vanilla install so far. When I first ran the CEICW I just entered a
>>> bogus / placeholder self-signed SSL cert - I now want to replace it
>>> with my real one so it's ready to go when I do my cutover.
>>>
>>> I installed the intermediate certificate properly, and then re-ran
>>> the CEICW to install the main cert, thinking that would simply work,
>>> silly me! I got an error that there was no pending request for the
>>> default website (there wasn't, of course) so I prepared one. I did
>>> this by following the "official SBS Blog" instructions, which are
>>> what I'd followed to order the cert in the first place - I created a
>>> new website using the appropriate host.domain.com name & got the
>>> certreq.txt generated. The CEICW still wouldn't let me install the
>>> existing CRT file - same
>>> error.
>>>
>>> I then tried removing the existing request from host.domain.com and
>>> running the same request on the *default* website. Same error; no
>>> dice. Abandoning the CEICW, I ran through the SBS blog instructions
>>> again &
>>> recreated host.domain.com and prepared a new request. Then tried to
>>> go through & assign the .crt file. That yielded "The pending request
>>> for this response file was not found. This request my be canceled.
>>> You cannot install selected response certificate using this Wizard"
>>>
>>> I tried copying the certreq.txt from my existing server to the new
>>> one to see if that made any difference - no dice.
>>>
>>> When I've gotten third party certs before I've always created the
>>> certreq.txt file on the server & run through it with the SSL cert
>>> provider at ordering time - it's always worked fine that way.
>>> However, I've never done anything like this after I've already *got*
>>> a valid certificate and want to install it on a new box.
>>>
>>> Q1: Do I have to go back to GoDaddy to get a new one issued for
>>> download, just as though I'd never done this before?
>>> Q2: Will that do anything bad to my existing, working SSL cert on the
>>> as-of-yet production server?
>>>
>>> I haven't run into this at a client site yet, but I'm sure it can
>>> and will happen, and I'd like to know what the proper procedures are
>>> so I don't show them what an IIS moron I am. Help!
>
>
>

Lanwench
Sat May 17 11:16:52 PDT 2008

Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
> Costas <cpstechgroup@gmail.com> wrote:
>> The problem is that the certificate doesn't exist in the certificate
>> store.
>
> Right. I had thought (assumed incorrectly) that the processes I was
> trying, would *put* it there. ...
>
>>
>> Run MMC and add the 'Certificates' snap-in for the 'Computer
>> Account'. Expand the 'Certificates' node, then 'Personal' and then
>> 'Certificates'. Right-click, select 'All Tasks', and 'Import'. Import
>> the .crt file
>
> Ah....I hadn't done that.
>>
>> Go to the web site in IIS Manager, 'Directory Security' tab, 'Server
>> Certificate' and then 'Assign an existing certificate'. Find the
>> godaddy certificate from the list.
>>
>> See if that will do it.
>
> I will - thanks, Costas.
>

No dice. The import went fine, but as soon as I assigned the existing cert
from the list, OWA stopped working (page cannot be displayed). If I revert
to the bogus self-signed one, it's fine.

Any other ideas, Costas?



>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:%23Pai6ugtIHA.3804@TK2MSFTNGP02.phx.gbl...
>>> This is probably a dumb question; I'm pretty much an IIS moron. But
>>> I've got a functional GoDaddy SSL cert installed and working on my
>>> own SBS box...and I'm now moving that server to new hardware (well,
>>> technically, I'm rebuilding it in a virtual server). It's a pretty
>>> vanilla install so far. When I first ran the CEICW I just entered a
>>> bogus / placeholder self-signed SSL cert - I now want to replace it
>>> with my real one so it's ready to go when I do my cutover.
>>>
>>> I installed the intermediate certificate properly, and then re-ran
>>> the CEICW to install the main cert, thinking that would simply work,
>>> silly me! I got an error that there was no pending request for the
>>> default website (there wasn't, of course) so I prepared one. I did
>>> this by following the "official SBS Blog" instructions, which are
>>> what I'd followed to order the cert in the first place - I created a
>>> new website using the appropriate host.domain.com name & got the
>>> certreq.txt generated. The CEICW still wouldn't let me install the
>>> existing CRT file - same
>>> error.
>>>
>>> I then tried removing the existing request from host.domain.com and
>>> running the same request on the *default* website. Same error; no
>>> dice. Abandoning the CEICW, I ran through the SBS blog instructions
>>> again &
>>> recreated host.domain.com and prepared a new request. Then tried to
>>> go through & assign the .crt file. That yielded "The pending request
>>> for this response file was not found. This request my be canceled.
>>> You cannot install selected response certificate using this Wizard"
>>>
>>> I tried copying the certreq.txt from my existing server to the new
>>> one to see if that made any difference - no dice.
>>>
>>> When I've gotten third party certs before I've always created the
>>> certreq.txt file on the server & run through it with the SSL cert
>>> provider at ordering time - it's always worked fine that way.
>>> However, I've never done anything like this after I've already *got*
>>> a valid certificate and want to install it on a new box.
>>>
>>> Q1: Do I have to go back to GoDaddy to get a new one issued for
>>> download, just as though I'd never done this before?
>>> Q2: Will that do anything bad to my existing, working SSL cert on
>>> the as-of-yet production server?
>>>
>>> I haven't run into this at a client site yet, but I'm sure it can
>>> and will happen, and I'd like to know what the proper procedures are
>>> so I don't show them what an IIS moron I am. Help!

Lanwench
Sat May 17 11:19:26 PDT 2008

AllenM <noreply@NoEmail.com> wrote:
> LW,
> I've been watching your post mainly because I was attempting to do
> the same thing sort of. My goal was to use my godaddy ssl certificate
> for all my SSL websites that include OWA, RWW, companyweb 2.0 and WSS
> 3.0 all on my SBS 2003 server. I had it all working without the
> godaddy certificate using the self signed certificates created with
> SBS. All of this was done with the help of Costas who I can't thank
> enough for getting me going on the right track.

I'm hoping he can get me there, too.

> So I got the godaddy certificate and applied it to my WSS 3.0 website
> and it wouldn't work mainly because the common name on the
> certificate was the same common name as the self signed one I created
> in SBS.

Mine's totally different :-(

> So here is what I did to apply the godaddy certificate for
> all my ssl websites. hope this helps.

<snipped for length>
>
> -Browsed to the GoDaddy website and Re-Keyed the certificate by
> entering the information from the Certreq3.txt file and generated a
> new certificate by the name "FQDN/common name" and
>
> downloaded the two files with extensions .p7b and .crt saved to the
> server.

This is what I think I'll have to do again, drat.
>
>
>
> -Ran the CEICW wizard and enabled the firewall configuration and on
> the Web Server Certificate screen and selected the option
>
>>> USE A WEB SERVER CERTIFICATE FROM A TRUSTED AUTHORITY.
>
>
>
> -Browsed to the location where I had downloaded and saved the
> certificate and selected the certificate with extension .crt.

This is what hadn't worked for me the first time (and which is why I
posted - Costas said I needed to import first, which I did, but it still
wouldn't work)
>
>
>
> -Ran through the CEICW wizard and it completed successfully.

<snipped for length>
> -I can now browse /Exchange, /Remote, Sharepoint Companyweb 444 and
> WSS3.0 Team Site 5050 externally and internally and they all worked.
> No certificate errors.

I'm still puttering with mine - I don't use ISA and I'm not trying to use
WSS 3, so I don't think mine should be as complex a setup as yours.

Thanks for posting, though - I do appreciate the reply.


>
>
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:%2398CTautIHA.3716@TK2MSFTNGP05.phx.gbl...
>> Costas <cpstechgroup@gmail.com> wrote:
>>> The problem is that the certificate doesn't exist in the certificate
>>> store.
>>
>> Right. I had thought (assumed incorrectly) that the processes I was
>> trying, would *put* it there. ...
>>
>>>
>>> Run MMC and add the 'Certificates' snap-in for the 'Computer
>>> Account'. Expand the 'Certificates' node, then 'Personal' and then
>>> 'Certificates'. Right-click, select 'All Tasks', and 'Import'.
>>> Import the .crt file
>>
>> Ah....I hadn't done that.
>>>
>>> Go to the web site in IIS Manager, 'Directory Security' tab, 'Server
>>> Certificate' and then 'Assign an existing certificate'. Find the
>>> godaddy certificate from the list.
>>>
>>> See if that will do it.
>>
>> I will - thanks, Costas.
>>
>>
>>>
>>>
>>> "Lanwench [MVP - Exchange]"
>>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>>> message news:%23Pai6ugtIHA.3804@TK2MSFTNGP02.phx.gbl...
>>>> This is probably a dumb question; I'm pretty much an IIS moron. But
>>>> I've got a functional GoDaddy SSL cert installed and working on my
>>>> own SBS box...and I'm now moving that server to new hardware (well,
>>>> technically, I'm rebuilding it in a virtual server). It's a pretty
>>>> vanilla install so far. When I first ran the CEICW I just entered a
>>>> bogus / placeholder self-signed SSL cert - I now want to replace it
>>>> with my real one so it's ready to go when I do my cutover.
>>>>
>>>> I installed the intermediate certificate properly, and then re-ran
>>>> the CEICW to install the main cert, thinking that would simply
>>>> work, silly me! I got an error that there was no pending request
>>>> for the default website (there wasn't, of course) so I prepared
>>>> one. I did this by following the "official SBS Blog"
>>>> instructions, which are what I'd followed to order the cert in the
>>>> first place - I created a new website using the appropriate
>>>> host.domain.com name & got the certreq.txt generated. The CEICW
>>>> still wouldn't let me install the existing CRT file - same
>>>> error.
>>>>
>>>> I then tried removing the existing request from host.domain.com and
>>>> running the same request on the *default* website. Same error; no
>>>> dice. Abandoning the CEICW, I ran through the SBS blog instructions
>>>> again &
>>>> recreated host.domain.com and prepared a new request. Then tried to
>>>> go through & assign the .crt file. That yielded "The pending
>>>> request for this response file was not found. This request my be
>>>> canceled. You cannot install selected response certificate using
>>>> this Wizard" I tried copying the certreq.txt from my existing server to
>>>> the new
>>>> one to see if that made any difference - no dice.
>>>>
>>>> When I've gotten third party certs before I've always created the
>>>> certreq.txt file on the server & run through it with the SSL cert
>>>> provider at ordering time - it's always worked fine that way.
>>>> However, I've never done anything like this after I've already
>>>> *got* a valid certificate and want to install it on a new box.
>>>>
>>>> Q1: Do I have to go back to GoDaddy to get a new one issued for
>>>> download, just as though I'd never done this before?
>>>> Q2: Will that do anything bad to my existing, working SSL cert on
>>>> the as-of-yet production server?
>>>>
>>>> I haven't run into this at a client site yet, but I'm sure it can
>>>> and will happen, and I'd like to know what the proper procedures
>>>> are so I don't show them what an IIS moron I am. Help!

Costas
Sat May 17 13:43:02 PDT 2008

Hmmm.... I thought that would work without any issue. What you might want
to do is what Allen described. Call goDaddy SSL support (480-5050-8852) and
tell them you will be moving the certificate to a new server. They will
give you credit for issuing the certificate (so you don't have to pay) and
then you have to go through the process of creating a new one which you can
install. That would be the easiest way.

I read somewhere how to reassign the certificate to a new server and it was
the process I initially send you. I must have missed something though..

--
Costas


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:upRQzvEuIHA.1328@TK2MSFTNGP03.phx.gbl...
>
> No dice. The import went fine, but as soon as I assigned the existing cert
> from the list, OWA stopped working (page cannot be displayed). If I revert
> to the bogus self-signed one, it's fine.
>
> Any other ideas, Costas?
>

Lanwench
Sat May 17 16:31:21 PDT 2008

Costas <cpstechgroup@gmail.com> wrote:
> Hmmm.... I thought that would work without any issue. What you might
> want to do is what Allen described. Call goDaddy SSL support
> (480-5050-8852) and tell them you will be moving the certificate to a
> new server. They will give you credit for issuing the certificate
> (so you don't have to pay) and then you have to go through the
> process of creating a new one which you can install. That would be
> the easiest way.
> I read somewhere how to reassign the certificate to a new server and
> it was the process I initially send you. I must have missed something
> though..

Ah, too late - I'm all good now. As mentioned, I'm an IIS moron. I had to
have GoDaddy set me up to re-key the cert. I was thinking I could just
assign it because I had the file. But it didn't match the new server - so it
wouldn't work. I guess thismakes sense.

So, I'm good to go, and I learned something today. It makes my head hurt,
learning stuff. <scowl>
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:upRQzvEuIHA.1328@TK2MSFTNGP03.phx.gbl...
>>
>> No dice. The import went fine, but as soon as I assigned the
>> existing cert from the list, OWA stopped working (page cannot be
>> displayed). If I revert to the bogus self-signed one, it's fine.
>>
>> Any other ideas, Costas?

Costas
Sun May 18 09:46:44 PDT 2008

Glad to hear everything worked out.

--
Costas


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:OeBb1YHuIHA.4528@TK2MSFTNGP03.phx.gbl...
> Costas <cpstechgroup@gmail.com> wrote:
>> Hmmm.... I thought that would work without any issue. What you might
>> want to do is what Allen described. Call goDaddy SSL support
>> (480-5050-8852) and tell them you will be moving the certificate to a
>> new server. They will give you credit for issuing the certificate
>> (so you don't have to pay) and then you have to go through the
>> process of creating a new one which you can install. That would be
>> the easiest way.
>> I read somewhere how to reassign the certificate to a new server and
>> it was the process I initially send you. I must have missed something
>> though..
>
> Ah, too late - I'm all good now. As mentioned, I'm an IIS moron. I had to
> have GoDaddy set me up to re-key the cert. I was thinking I could just
> assign it because I had the file. But it didn't match the new server - so
> it wouldn't work. I guess thismakes sense.
>
> So, I'm good to go, and I learned something today. It makes my head hurt,
> learning stuff. <scowl>
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:upRQzvEuIHA.1328@TK2MSFTNGP03.phx.gbl...
>>>
>>> No dice. The import went fine, but as soon as I assigned the
>>> existing cert from the list, OWA stopped working (page cannot be
>>> displayed). If I revert to the bogus self-signed one, it's fine.
>>>
>>> Any other ideas, Costas?
>
>
>

AllenM
Mon May 19 12:49:23 PDT 2008

That was going to be my net suggestion after reading Costas's last
suggestion. Instead of trying to move it to a new server just go to godaddy
and re-key the existing one. That's what I had to do even though I didn't
move to a different server.


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:OeBb1YHuIHA.4528@TK2MSFTNGP03.phx.gbl...
> Costas <cpstechgroup@gmail.com> wrote:
>> Hmmm.... I thought that would work without any issue. What you might
>> want to do is what Allen described. Call goDaddy SSL support
>> (480-5050-8852) and tell them you will be moving the certificate to a
>> new server. They will give you credit for issuing the certificate
>> (so you don't have to pay) and then you have to go through the
>> process of creating a new one which you can install. That would be
>> the easiest way.
>> I read somewhere how to reassign the certificate to a new server and
>> it was the process I initially send you. I must have missed something
>> though..
>
> Ah, too late - I'm all good now. As mentioned, I'm an IIS moron. I had to
> have GoDaddy set me up to re-key the cert. I was thinking I could just
> assign it because I had the file. But it didn't match the new server - so
> it wouldn't work. I guess thismakes sense.
>
> So, I'm good to go, and I learned something today. It makes my head hurt,
> learning stuff. <scowl>
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:upRQzvEuIHA.1328@TK2MSFTNGP03.phx.gbl...
>>>
>>> No dice. The import went fine, but as soon as I assigned the
>>> existing cert from the list, OWA stopped working (page cannot be
>>> displayed). If I revert to the bogus self-signed one, it's fine.
>>>
>>> Any other ideas, Costas?
>
>
>

Dean
Fri May 23 13:00:49 PDT 2008

You can export the certificate from the old server and import it to
the new one. This has to be done using the certificates snap-in and it
is a good idea to have your certificate exported and password
protected (in a safe location =96 like an USB drive) in case you have to
recover the server.

The specific part is when you import the certificate (again you have
to use the certificates snap-in). When you view the certificate you
can see whether there are intermediate certificates which you will
need too. In the case with GoDaddy Turbo SSL certificate, you need
GoDaddy intermediate and cross-intermediate certificates.
It is vital to import first these two certificates before you import
your SSL certificate. You have downloaded GoDaddy intermediate
certificates when you activated and confirmed the SSL credit and they
were both included in a single pb7 file. That file has to be stored
together with your SSL certificate for recovery purposes. If you have
lost it you can download the intermediate and cross-intermediate
certificates from the page with GoDaddy=92s public certificates. This is
demonstrated in Step4 (SSL certificate troubleshooting) in the
following Video:
http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php

Exporting and importing a certificate is useful not only when you
recover a server but also when you migrate one =96 for example you
change the OS to Windows 2008 and start using IIS7 for your web site.

Regards,

Dean

PS: Usually you can re-key only two times.

Costas
Fri May 23 13:26:53 PDT 2008

I knew there was a way but I was forgetting something. It was the part
exporting from the certificates snap-in.

Thanks

--
Costas


"Dean" <google@netometer.net> wrote in message
news:57c96b90-5700-49dd-9cf8-6f165d480259@s21g2000prm.googlegroups.com...
You can export the certificate from the old server and import it to
the new one. This has to be done using the certificates snap-in and it
is a good idea to have your certificate exported and password
protected (in a safe location ? like an USB drive) in case you have to
recover the server.

The specific part is when you import the certificate (again you have
to use the certificates snap-in). When you view the certificate you
can see whether there are intermediate certificates which you will
need too. In the case with GoDaddy Turbo SSL certificate, you need
GoDaddy intermediate and cross-intermediate certificates.
It is vital to import first these two certificates before you import
your SSL certificate. You have downloaded GoDaddy intermediate
certificates when you activated and confirmed the SSL credit and they
were both included in a single pb7 file. That file has to be stored
together with your SSL certificate for recovery purposes. If you have
lost it you can download the intermediate and cross-intermediate
certificates from the page with GoDaddy?s public certificates. This is
demonstrated in Step4 (SSL certificate troubleshooting) in the
following Video:
http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php

Exporting and importing a certificate is useful not only when you
recover a server but also when you migrate one ? for example you
change the OS to Windows 2008 and start using IIS7 for your web site.

Regards,

Dean

PS: Usually you can re-key only two times.