Edge Server Certificate assignment - None available !

  • Question

  •  

    Hi All,

     

    I've purchased some certificates from GoDaddy for my edge server installation. I generated the cert request using the OCS server wizard, which I then pasted into GoDaddy in the certificate request page. After GoDaddy's domain validation etc., I received the certificates and installed them onto my OCS edge server machine using the OCS certificate wizard. When I view the certificates in mmc, all the certificates seem OK, i.e. they all have the private key associated and are signed by an intermediate GoDaddy CA, which in turn has been signed by GoDaddy's class 2 CA, both of which are in my trusted CAs.

     

    The certificates all have Server Authentication in the certificate's Extended Key Usage.

     

    When running the OCS certificate wizard, when I select to assign a certificate, the next page is supposed to show the available trusted certificates on the edge server that have a private key and Server Authentication in the EKU. I have 3 certificates that pass those criteria, but none are showing in the certificate wizard at this point. I really don't know why these certificates are not being displayed here.

     

    Has anyone seen this problem and solved it ?

     

    Thanks,

    Marcus

    Wednesday, November 14, 2007 12:28 AM

All replies

  •  

    Marcus,

     

    Which certificate store and folder do you see these under?  They should be in the Local Computer store, typically under Personal\Certificates.

     

    What happens if you submit a request to your internal CA for a certificate and try assigning that one to an Edge role as a test?  At least you could see if it's something inherent to the GoDaddy certificates or something related to the server itself.

    Wednesday, November 14, 2007 2:46 PM
    Moderator
  •  

    Hi Jeff,

     

    Thanks for the response. The certificates are under the Local Computer store, in Personal/Certificates - like you suggested.

     

    We don't actually have an internal CA so I can't test your idea of trying another certificate. If I can't resolve this issue, I may need to install certificate services on one of our machines to try your idea.

     

    I noticed a few people are using GoDaddy certificates - can anyone that is using GoDaddy certs tell me which application they chose when they requested the certificate? I chose 'Other' as OCS was not in the list - it was basically a list of different web servers I think.

     

     

    Thanks,

    Marcus

    Wednesday, November 14, 2007 10:54 PM
  •  

    I have exactly the same problem with an internal stand-alone CA and don't have a solution either...
    Friday, November 16, 2007 7:38 AM
  • Does the issued certificate from your internal CA show WebServer for the Certificate Name Template and Server Authentication for the Enhanced Key Usage?

     

    Friday, November 16, 2007 5:16 PM
    Moderator
  • yes.

     

    Monday, November 19, 2007 6:37 AM
  • i have the same problem. my external certificate is from thawte. The cert-path is OK. so what's wrong?

     

    @mckey415:

    what about the cert-path, do you have the root-cert installed? after installing the internal root-cert, my internal certificate could be assigned.

    Monday, November 19, 2007 2:54 PM
  •  

    yes, my server trusts my CA, i.e. CA's certificate is installed into trusted root CA's store.
    Tuesday, November 20, 2007 5:23 AM
  • hmmm! i have no further suggestions. it seems to be the same problem i have on the external side.

     

    which internal CA do you use, microsoft?

     

    Tuesday, November 20, 2007 8:44 AM
  •  

    yes, i'm using the microsoft CA. i also generated a certificate for web components on this CA, and it installed just perfect...
    Tuesday, November 20, 2007 9:55 AM
  • well, i solved my problem!

    The problem was that I didn't have a CA certificate in the Trusted Root CA container for my computer. When I installed the CA certificate I just double-clicked it and followed the wizard. But in this case the wizard places the certificate into the trusted root CA container for my account, not for the computer. So I just imported my CA certificate into the correct container and it solved my problem. Hope it will help someone else.

    Friday, November 23, 2007 11:15 AM
  • I solved this as well - basically the same problem as McKey415 - the GoDaddy intermediate CA was not in the local computer's Trusted Root CAs list. Once I put it in there, I could assign all certificates with no problems at all. I put them in my personal Trusted Root CAs, which must have been why they weren't available for assignment. Was confusing because the certificate was being validated fine by Windows.

    Wednesday, November 28, 2007 10:45 PM
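
The two fixes above share one condition: the issuing CA certificate was installed for the user account rather than for the computer. As an added example that is not part of the original thread, this PowerShell sketch lists each server certificate in the Local Computer Personal store and shows whether each CA above it sits in the computer's stores or only in the current user's. It assumes PowerShell 3.0 or later and matches issuers by subject name only; the function and variable names are illustrative.

```powershell
# Added example (not from the thread). Issuers are matched by subject name only.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU

function Test-ServerAuth($cert) {
    # True when the certificate carries an EKU extension listing Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $false }
    return ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuth
}

# Root = Trusted Root Certification Authorities, CA = Intermediate Certification Authorities.
$machineCAs = @(Get-ChildItem Cert:\LocalMachine\Root) + @(Get-ChildItem Cert:\LocalMachine\CA)
$userCAs    = @(Get-ChildItem Cert:\CurrentUser\Root)  + @(Get-ChildItem Cert:\CurrentUser\CA)

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and (Test-ServerAuth $_) } |
    ForEach-Object {
        $leaf = $_
        $current = $leaf
        $depth = 0
        # Walk upward until a self-signed root is reached (depth guard against name loops).
        while ($current -and $current.Subject -ne $current.Issuer -and $depth -lt 10) {
            $issuerName = $current.Issuer
            $inMachine = $machineCAs | Where-Object { $_.Subject -eq $issuerName } | Select-Object -First 1
            $inUser    = $userCAs    | Where-Object { $_.Subject -eq $issuerName } | Select-Object -First 1
            # The CurrentUser view also lists machine-wide CAs, so test the machine stores first.
            if ($inMachine)  { $foundIn = 'LocalMachine' }
            elseif ($inUser) { $foundIn = 'CurrentUser only' }
            else             { $foundIn = 'not installed' }
            [pscustomobject]@{
                ServerCert = $leaf.Subject
                Issuer     = $issuerName
                FoundIn    = $foundIn
            }
            $current = if ($inMachine) { $inMachine } else { $inUser }
            $depth++
        }
    }
```

A row reporting `CurrentUser only` is the situation described in the two posts above: the chain validates for the logged-on user, but the CA is absent from the computer's stores.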
  • I had this problem with our GoDaddy UC Cert, where it wasn't showing as an available cert. Godaddy was issuing us just a CRT file while OCS was expecting a CER file.

    I had to go to the godaddy admin site where you manage your cert, and click ReIssue. Then copy the contents of the window on the right (the reissued cert) into a text file and name it ourcert.cer.

    Then take this to our edge server and restart the certificate wizard. When the wizard asked for the file from the CA, I pointed it to the ourcert.cer file and it worked.

    I had a valid cert that had a private key after that.

    Monday, February 18, 2008 8:40 PM
  • Hi Thom

    I have the same problem as you.
    I went to the GoDaddy admin site and clicked re-issue,
    but there is no place where I can rename the cert, like cert.cer.
    Please advise?

    Thanks
    Monday, June 22, 2009 11:36 AM