No announcement yet.

Nuked owa while installing GoDaddy cert

  • Filter
  • Time
  • Show
Clear All
new posts

  • Nuked owa while installing GoDaddy cert

    I don't know much about IIS but I have succesfully ordered and installed a cert on IIS 6 before.
    This time I am working on a server 2008r2 with Exchange 2010 installed. OWA was working fine until I installed the certificate that I bought from go daddy using these instructions:
    To Install Your SSL on Microsoft IIS 7
    1. From the Start menu, click Run....
    2. Type mmc, and then click OK. The Microsoft Management Console (Console) window opens.
    3. In the Console window, click the File menu and select Add/Remove Snap-in. The Add or Remove Snap-ins window displays.
    4. Select Certificates, and then click Add.
    5. Select Computer Account, and then click Next.
    6. Select Local Computer, and then click Finish.
    7. Click OK.
    8. In the Console window, expand the Certificates folder on the left.
    9. Right-click Intermediate Certification Authorities, mouse-over All Tasks, then click Import.
    10. In the Certificate Import Wizard, click Next.
    11. Click Browse to find the intermediate certificate file.
    12. Change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
    NOTE: Do not install your Leaf Certificate in this area. Doing so removes your certificate from the list, and you must reinstall to correct the problem.
    1. Click Next.
    2. Select Place all certificates in the following store.
    3. Click Browse, select Intermediate Certification Authorities, and then click Next.
    4. Click Finish.
    5. Close the Console window.
    6. From the Start menu, go to Administrative Tools and click Internet Services Manager.
    7. Click the server name on the left.
    8. Double click Server Certificates.
    9. From the Actions panel on the right, click Complete Certificate Request...
    10. Enter the location for the certificate file. The file extension might be .txt or .crt instead of .cer (search for all files).
    11. Enter a Friendly name for the certificate file, and then click OK.
    12. In the Internet Information Services Manager window, select the name of the server where you installed the certificate.
    13. Under Sites, select the site to be secured with the SSL certificate.
    14. In the Actions panel on the right, click Bindings...
    15. Click Add...
    16. In Add Site Binding:
      • For Type, select https.
      • For IP address, select All Unassigned, or the IP address of the site.
      • For Port, type 443.
      • Select the SSL certificate you just installed, and then click OK.
    17. Click Close.
    18. Close the Internet Information Services (IIS) Manager.
    Now SSL does not respond. Every time I try to load it, it times out. In fact even the default IIS 7 web page doesn't come up. I tried putting all the settings back but I still haven't been able to make it work. I restarted IIS after making changes and still no joy.

  • #2
    Re: Nuked owa while installing GoDaddy cert

    Moving this to Exchange forum as better location
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Nuked owa while installing GoDaddy cert

      Do you get an error? If so what does it say? Does hhtp work?


      • #4
        Re: Nuked owa while installing GoDaddy cert

        The problem was using IIS to install the certificate.
        While the instructions you have followed are correct for an IIS installation, for Exchange, they are wrong.

        Furthermore, if you have just bought a single name SSL certificate, that isn't really suitable for Exchange 2010 use, you need a Unified Communications, aka SAN, aka Multiple name certificate.

        You then create the SSL certificate request and installation through Exchange, not IIS.

        GoDaddy have instructions here:

        You need to have at least four names on the certificate: (common name)
        server.internal.local (server's internal FQDN)
        server (server's NETBIOS)

        The SSL wizard also puts in which isn't required.

        (where is your external domain name, and internal.local is your internal Windows domain).

        Once you have the SSL certificate response back, follow these instructions to install it:

        That covers JUST the SSL certificate installation. Due to the way that Exchange works, there are other configuration changes required for it to work correctly. You may well be best to get a good Exchange consultant in to ensure the server is configured correctly.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.