Hi!

This issue is regarding an Exchange-server with IIS and OWA.
Windows Server 2003 SP1 and Exchange SP2.

We obtained a public CA from VeriSign.
It worked fine from clients like IE6, but not from mobile devices and
ActiveSync. So the mobilephone-manufacterer adviced this:
"In response to your query, it looks like the certificate on the exchange
server is invalid. Is it possible for the I.T department to install a new
certificate. Sometimes through webmail, it overides the old certificate
whereas on the device it will not let you proceed."

So I anassigned the certificate from the default website and then deleted
all items from "Personal certificates" in the certificates MMC, and then
imported the certificate from VeriSign. After that I assigned the certificate
to the default web site in IIS.
Now SSL doesn`t work at all and this is found in the eventviewer:
http://support.microsoft.com/kb/824035

I have the certificate request sent to the CA and the certificate I got back
from them.
Obvoiusly the private key is missing.
How can this be fixed?

Obviously the new cert you installed, is not a complete cert (without
private key)

Do you have a backup of the cert in pfx format? which you exported the
private keys also?

if not, I think you need to recreate the pending request, then complete the
process by deploying
the cert from CA to that corresponding pending request.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"jering" <jering [at] discussions.microsoft.com> wrote in message
news:149A544C-1970-4FD1-97CA-64F00DFFC748 [at] microsoft.com...
> Hi!
>
> This issue is regarding an Exchange-server with IIS and OWA.
> Windows Server 2003 SP1 and Exchange SP2.
>
> We obtained a public CA from VeriSign.
> It worked fine from clients like IE6, but not from mobile devices and
> ActiveSync. So the mobilephone-manufacterer adviced this:
> "In response to your query, it looks like the certificate on the exchange
> server is invalid. Is it possible for the I.T department to install a new
> certificate. Sometimes through webmail, it overides the old certificate
> whereas on the device it will not let you proceed."
>
> So I anassigned the certificate from the default website and then deleted
> all items from "Personal certificates" in the certificates MMC, and then
> imported the certificate from VeriSign. After that I assigned the
> certificate
> to the default web site in IIS.
> Now SSL doesn`t work at all and this is found in the eventviewer:
> http://support.microsoft.com/kb/824035
>
> I have the certificate request sent to the CA and the certificate I got
> back
> from them.
> Obvoiusly the private key is missing.
> How can this be fixed?

Hello,


Export the Cert from a working server and make sure that you check the box
during the export that says "Make Private Key Exportable"

"jering" wrote:

> Hi!
>
> This issue is regarding an Exchange-server with IIS and OWA.
> Windows Server 2003 SP1 and Exchange SP2.
>
> We obtained a public CA from VeriSign.
> It worked fine from clients like IE6, but not from mobile devices and
> ActiveSync. So the mobilephone-manufacterer adviced this:
> "In response to your query, it looks like the certificate on the exchange
> server is invalid. Is it possible for the I.T department to install a new
> certificate. Sometimes through webmail, it overides the old certificate
> whereas on the device it will not let you proceed."
>
> So I anassigned the certificate from the default website and then deleted
> all items from "Personal certificates" in the certificates MMC, and then
> imported the certificate from VeriSign. After that I assigned the certificate
> to the default web site in IIS.
> Now SSL doesn`t work at all and this is found in the eventviewer:
> http://support.microsoft.com/kb/824035
>
> I have the certificate request sent to the CA and the certificate I got back
> from them.
> Obvoiusly the private key is missing.
> How can this be fixed?