Troubleshooting: Exchange – Unable to open OWA, ECP, or EMS after a self-signed certificate is removed from the Exchange Back End Website

Consider the following scenario when you are using Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016: You remove the Microsoft Exchange Self-Signed certificate from the Exchange Back End Website by using Certificates MMC, Remove-Exchangecertificate, IIS Manager or another method. You clear the IIS cache by restart or IISReset. You are installing a new SSL Certificate to your Exchange system. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. The following issues may occur: OWA and ECP display a blank page. ActiveSync users cannot receive emails. Exchange Management Shell will cannot connect and displays the following Error: New-PSSession : [dc.local.mcrlegal.com] Processing data from remote server dc.local.mcrlegal.com failed with the following error message: […]

Read More

How To Enable Or Import A Root Certifciate In Windows Systems Using MMC.

Depending on the circumstance you may be getting mixed results of browser certificate trust or for whatever reason are experiencing an issue with Cross Root Certificates or warning of not fully trusting a chaining root. Cross Root Certificate where used back in the day by some Certificate Authorities to help certificate trust to older outdated server systems, but due to liability of allowing certificate trust to these systems that practice is no longer practiced. SSL Certificates are now used to modernize and update industry standards not give loop wholes around staying secure. To bypass a Cross Root Certificate warning it is a matter of making sure a new updated root is installed on the system in question and that all purposes […]

Read More

Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

How to move certificate from Windows to Citrix Netscaler.

Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. Citrix Netscaler is an Apache type system that uses pem/x509 certificate formates for encryption and […]

Read More

How to move a certificate from Exchange to Apache

Depending on your network you may have to move your SSL/TLS server certificate and its private key from one system to another. This article covers how to move your server certificate, and its private key from Exchange that uses a single pfx/p12/pkcs#12 file to Apache that uses separate .pem,.crt, key files. This will require a conversion using OpenSSL that is on the Apache System. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. Apache systems […]

Read More

How to move certificate from Exchange to Tomcat

Windows servers use .pfx/.p12 (pkcs#12) files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. Depending on the type of Tomcat system you have you may have to perform […]

Read More

Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate. “The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.” Or “Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.” This error message occurs due to one or a combination of the following: Its a glitch that can happen from time to time on IIS server 2008 series. The certificate file is formatted incorrectly or the wrong extension file is being used for the installation. The CSR for this certificate […]

Read More

Troubleshooting: Error: “The certificate is invalid for Exchange Server usage”

In Windows Exchange systems you may receive the following error message after the installation of a digital certificate. “The certificate is invalid for exchange server usage”   This warning message occurs due to the following: The SSL certificate cannot be verified to a trusted certificate authority. The SSL certificate that was installed is missing its intermediate CA certificate that helps chain the trust to the root certificate on that system. Resolution: You will have to manually install the correct intermediate CA certificate that goes with your SSL certificate product. Contact your Certificate Authority (CA) for this supplementary certificate. Note: If you purchased your Standard SSL Certificate product from the following CA’s Symantec, GeoTrust, Thawte or RapidSSL you can find the links directly to […]

Read More

How to move SSL Certificate from Exchange to Mac OS X

Windows servers use PKCS#12 – .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx/.p12 backup. To backup, export, and move an SSL certificate from Windows Exchange  to Mac […]

Read More

Troubleshooting: Assigning a friendly name to an SSL Certificate in Windows

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. If you need to assign or change the friendly name to a certificate perform the following: Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next.Note: When troubleshooting browser certificates such as client certificates, email signing certificates, […]

Read More