Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

How to move certificate from Windows to Citrix Netscaler.

Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. Citrix Netscaler is an Apache type system that uses pem/x509 certificate formates for encryption and […]

Read More

How to move SSL Certificate from IIS 8 to IIS 8

Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. To backup, export, and move a SSL certificate from Windows IIS 8 to IIS 8 […]

Read More

Troubleshooting: At least one other site is using Https binding and the binding is configured with a different certificate.

In Windows Internet Information Services (IIS) you may receive the following error when assigning a certificate to a site binding. “At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate?” This warning message occurs due to the following: Only one certificate can be used for a given IP address and port combination. Multiple websites on the server are using the same IP and port regardless of using multiple certificates. Resolution: In this situation the resolutions can be the following.. Assign each site a different public IP address in the […]

Read More

Troubleshooting: Assigning a friendly name to an SSL Certificate in Windows

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. If you need to assign or change the friendly name to a certificate perform the following: Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next.Note: When troubleshooting browser certificates such as client certificates, email signing certificates, […]

Read More

Microsoft Active Directory LDAP – SSL Guide

Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server system does not include an easy GUI method to create a CSR. The following guide includes typical recommendations for you to successfully enroll and implement an SSL certificate pfx file needed for your AD LDAP. Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012. The typical procedure is as follows. Generate the CSR for your SSL certificate from one of the following methods. If you have a server system that has Windows Internet Information Services Manager IIS. CSR generation instructions for IIS 7 – 7.5 systems. CSR generation instructions for IIS 8 -8.5 systems. Generate the CSR using Portecle Keypair creation and manipulation tool. After the SSL certificate has been […]

Read More

Troubleshooting: Missing Private key in Windows Servers

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft systems the private key is hidden away and will only appear once the CSR pending request has been completed. When using Exchange to process the pending request and install a SSL certificate there should be a option available to do this. Typically if there is no option to “complete” the pending request it usually means the following. The CSR was never created on the exchange system that you are currently on. Note: If the […]

Read More

How to create a MMC Snap-In for troubleshooting certificates.

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. Open up a MMC snap in by performing the instructions below. Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next. Note: When troubleshooting browser certificates such as client certificates, email signing certificates, CodeSigning, etc.. you will choose […]

Read More