Re: Exchange 2007 Certificate issues - internal domain name causes pro



I have tried using a GoDaddy UCC certificate but was never able to get it to
install properly because the private key was not included on the returned
certificate.

- The server's private key is never included in certificates. It is generated on your server during the certificate request and stays there. The Public Key is what is sent to the CA and included in the certificate issued by it.
- Not relevant to your situation, but the only time you need a cert with a private key is when you're moving the certificate to another computer (or backing up, rebuilding the server, etc.). This is an option when you export the certificate from your computer.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------



"Craig_96" <Craig96@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EC7AE614-396C-415D-AE2A-EC410AC27E0A@xxxxxxxxxxxxxxxx
Background:
I have an Exchange 2007 server that is set up and working correctly, however
I am looking at options for an SSL certificate to help ease connectivity
issues. The biggest problem is the former IT guy has given their internal
domain name an external domain name that they do not own. (someone else has
it and will not sell). They do own an external domain name but it is not
referenced to the internal network.

I have tried using a GoDaddy UCC certificate but was never able to get it to
install properly because the private key was not included on the returned
certificate. I even got with Microsoft to verify I was sending the private
key out. I am grateful that GoDaddy did refund the money.

Question:
What is the best possible solution to getting the signed SSL certificate
working in this environment?

I would also like to get the autodiscover working for both internal and
external computers.

Anyone have any suggestions?
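
The request and import flow described in the reply, as an added example for the Exchange Management Shell (not part of the original thread). The host names, organization, and file paths are placeholders assumed for illustration.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# All names and paths below are placeholders (assumptions), not values from the thread.
$reqPath  = 'C:\certs\exchange.req'   # certificate request to submit to the CA
$certPath = 'C:\certs\exchange.cer'   # certificate file returned by the CA
$names    = 'mail.example.com', 'autodiscover.example.com'

# 1. Generate the key pair and the request on this server. The private key is
#    created in the local machine store and stays there; the .req file carries
#    only the public key. -PrivateKeyExportable allows a later export with the
#    key (moving the certificate, backup, server rebuild).
New-ExchangeCertificate -GenerateRequest -Path $reqPath `
    -SubjectName 'c=US, o=Example Org, cn=mail.example.com' `
    -DomainName $names -PrivateKeyExportable $true

# 2. Submit $reqPath to the CA and save its response as $certPath. Import the
#    response on the SAME server so it pairs with the pending request's key.
$imported = Import-ExchangeCertificate -Path $certPath

# 3. Confirm the store entry is bound to a private key before enabling services.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $imported.Thumbprint }

if ($cert -and $cert.HasPrivateKey) {
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS'
} else {
    # No local key matched: the response was imported on a different machine,
    # or the pending request (and its key) was removed before the import.
    Write-Warning "Certificate $($imported.Thumbprint) has no private key on this server."
    # certutil can re-associate the certificate if the key still exists locally.
    Write-Warning "Try: certutil -repairstore my $($imported.Thumbprint)"
}
```

A certificate file that arrives from the CA without a private key is expected; what matters is that `HasPrivateKey` is true after the import on the server that generated the request.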


