Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

Server 2003 IIS 6 – CSR/Install Instructions for Renewals without removing the existing certificate

Issue Condition: To generate a new CSR without removing the current certificate, a Temporary Dummy website can be created. This workaround will apply for Microsoft IIS 6 server 2003 that currently have certificates installed on their website, but a new CSR with a new key-bit length or different information in the Distinguished Name needs to be created. Creating a temporary website allows you to keep the current certificate active on the site while another certificate request is pending. After installing the certificate on the temporary web site, it can be applied to the production web site. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system and […]

Read More

Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate. “The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.” Or “Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.” This error message occurs due to one or a combination of the following: Its a glitch that can happen from time to time on IIS server 2008 series. The certificate file is formatted incorrectly or the wrong extension file is being used for the installation. The CSR for this certificate […]

Read More

Troubleshooting: Error: “The certificate is invalid for Exchange Server usage”

In Windows Exchange systems you may receive the following error message after the installation of a digital certificate. “The certificate is invalid for exchange server usage”   This warning message occurs due to the following: The SSL certificate cannot be verified to a trusted certificate authority. The SSL certificate that was installed is missing its intermediate CA certificate that helps chain the trust to the root certificate on that system. Resolution: You will have to manually install the correct intermediate CA certificate that goes with your SSL certificate product. Contact your Certificate Authority (CA) for this supplementary certificate. Note: If you purchased your Standard SSL Certificate product from the following CA’s Symantec, GeoTrust, Thawte or RapidSSL you can find the links directly to […]

Read More

Troubleshooting: At least one other site is using Https binding and the binding is configured with a different certificate.

In Windows Internet Information Services (IIS) you may receive the following error when assigning a certificate to a site binding. “At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate?” This warning message occurs due to the following: Only one certificate can be used for a given IP address and port combination. Multiple websites on the server are using the same IP and port regardless of using multiple certificates. Resolution: In this situation the resolutions can be the following.. Assign each site a different public IP address in the […]

Read More

Troubleshooting: Assigning a friendly name to an SSL Certificate in Windows

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. If you need to assign or change the friendly name to a certificate perform the following: Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next.Note: When troubleshooting browser certificates such as client certificates, email signing certificates, […]

Read More

Troubleshooting: Checking SSL installation with a browser

After you have installed your SSL certificate you may want to check installation. There ware two ways to go about checking its installation. By using a browser. This article will show case Google Chrome. By SSL Checker. See our article Troubleshooting: SSL with Qualys SSL Labs – SSL Checker to learn more. Lets get started.. Using Chrome: type in https://yourdomain.com (use the actual domain you want to check) you should see a pad lock to the left of the “Https.” Note: If you do not see a padlock or see a yellow exclamation point where the padlock would be, this may be due to Mixed or Insecure content. To troubleshoot this review troubleshooting article Troubleshooting: Unsecured or Mixed Content. If you do see […]

Read More

Java Keytool Commands

Keytool is a tool used by Java systems to configure and manipulate Keystores. The following are a list of  commands that allow you to generate a new Java  keystore file, create a CSR, import certificates, convert, and check keystores. The Italic parts in the conversions below are examples of you own files, or your own unique naming conventions. Keep track of all your files, alias’s, and passwords. Generating: Generate a Java keystore and key pair: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 Generate a certificate signing request (CSR) for an existing Java keystore:  keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr Generate a keystore and self-signed certificate: keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity […]

Read More

OpenSSL Commands

OpenSSL is used for many things other than running encryption on a website. It is also used for the generation of CSR keypairs, and more importantly within this article converting. The Italic parts in the conversions below are examples of you own files, or your own unique naming conventions adapt these Italic name examples to your own files names for openssl commands. Note: .pem, .cer, crt. are all the same type of x509/pem certificate only with different extensions. Obtain OpenSSL: Note: In order for OpenSSL software successfully installed on a computer system. You must have local system administrator privilege on the computer. Download and install OpenSSL to perform a certificate conversion. Windows Linux Use the following OpenSSL commands to convert SSL […]

Read More

Troubleshooting: Ciphers, Protocols, or SSL with Qualys SSL Labs – SSL Checker

There are many SSL checkers out there which are used to check the validity and installation of a websites SSL Certificate. Majority of these checkers may vary on the information that they display or may have limitations, as they only perform their function as programmed. Aside from using an SSL Checker tool there is always the manual way of using your browser to check proper installations. If you would like to learn how to check using a browser SSLSupportDesk features such an article Troubleshooting: Checking SSL installation with a browser. Some SSL Checkers are extremely advanced and will not only check the validity of a SSL certificate, but can also point out flaws in a server’s configuration or software.  Qualys […]

Read More