locked
Certificate problems. one or more assignment operations failed. please use the snap-in to correct errors. RRS feed

  • Question

  • I am installing oct 2007 and when I run through the install wizard I get to the point of "configure certificate". I bought a standard ssl certificate and am trying to use it for this purpose, but I can't get to install.

    I get an error:

    one or more assignment operations failed. please use the snap-in to correct errors.

     

    I have no idea what this means. Hopefully someone can help!

     

    It is a standard SSL certificate bought through godaddy.

     

     

    Monday, September 29, 2008 4:40 AM

All replies

  • Are you by chance attempting to use a wildcard certificate?  These are not supported in OCS.  If not, then I'd suggest reding through the Certificate Infrastructure section of the OCS Planning Guide (starting on page 56) and see if there is anythine incorrect in your certificate request.

     

    Also check the OCS event log and see if there are more details on that error.

     

    Monday, September 29, 2008 12:01 PM
    Moderator
  • Hi,

    Here are the steps that you should be taking. Can you verify this is the procedure you are following:

     

    1) you got to the "configure certifcate" section of the wizard

    2) created the cert request

    3) sent the request to godaddy,

    4) they processed the request and sent you a ".cer" file

    5) you re-ran the cert wizard, chose "process the pending request and import cert".imported the cert

     

     

    Is this correct? If not please give some details on what you are doing differently & that might help pinpoint the issue. I've used the standard SSL cert from GoDaddy a few times and it works no problem.

     

    Regards,

    Matt

     

     

    Monday, September 29, 2008 6:18 PM
  • Hi , and thanks for all the help.

     

    I followed your instructions as written and I got the same error.

    I then deleted the pending request and re-keyed the certificate and submitted it again with godaddy.

    Did this ab out three times and eventually it worked.

     

    Not sure if anyone else was playing with my server while the certificate was being issued -- but it's all up and running now..

     

    Thanks again!

    Monday, September 29, 2008 9:30 PM
  • I just wanted to post this as a follow-up, as I had numerous problems even getting the certificate from GoDaddy visible in the OCS Certificate Wizard. I wanted to get this information in the public domain in case anyone else is also experiencing the problems I had.

    The certificate I purchased was a "Standard Multiple Domain (UCC) SSL Up to 5 Domains" certificate from GoDaddy.com.

    The problems I encountered:
    - After retrieving the certificate from GoDaddy, the OCS Certificate Wizard complained about the certificate not matcing (EKU, etc.)
    - Trying to assign the certificate manually: unable to find the private key, not showing up in the certificate wizard when trying to assign directly

    Here's what I did to get the certificate imported (I cannot yet attest to whether everything works yet though):
    - Generate certificate request: The Subject Name MUST match the Organization Name (this is because with the "Standard" certificate, GoDaddy replaces the organization name with the Subject Name)
    - When submitting to GoDaddy, tell it you are using IIS (so that you get the correct intermediate certificates)
    - BEFORE importing the resulting certificate, you MUST install the intermediate certificates into the "Computer Account" certificate store. If you install them into the user store, the certifcate cannot be recognized by the OCS Wizard (Run MMC, Add "Certificates" snap-in and point to "Computer Account")

    I hope this helps anyone else who runs into these issues.

    Robert
    Tuesday, January 13, 2009 7:24 PM
  • Robert's solution works like a charm, thanks for that

    Quoting Robert
    ------
    Here's what I did to get the certificate imported (I cannot yet attest to whether everything works yet though):
    - Generate certificate request: The Subject Name MUST match the Organization Name (this is because with the "Standard" certificate, GoDaddy replaces the organization name with the Subject Name)
    - When submitting to GoDaddy, tell it you are using IIS (so that you get the correct intermediate certificates)
    - BEFORE importing the resulting certificate, you MUST install the intermediate certificates into the "Computer Account" certificate store. If you install them into the user store, the certifcate cannot be recognized by the OCS Wizard (Run MMC, Add "Certificates" snap-in and point to "Computer Account")
    ------
    I want to add:
    - Make sure that when using the Edge Deployment Wizard to generate the certificate requests, DO NOT add Subject Alternative Names , a simple sip.yourcompany.com will do (again, the Subject Name MUST match the Organization Name ). When submitting the CSR into GoDaddy's wizard. You will have to add the Subject Alternative Names inside the GoDaddy wizard. Also make sure it doesn't include duplicates.
    Monday, April 20, 2009 4:39 PM
  • to add a SAN to the GoDaddy UCC certificate, use the above mentioned post to create a CSR and re import the signed SSL while keeping in mind the following points:
    Assuming OCS 2007 R2:
    - Generate a new certificate request just like the above, make sure EKU is chosen
    - Go to GoDaddy website and ---->> REKEY <<---- the certificate, put the new CSR, put the new SAN and issue it.
    - run MMC, Add "Certificates" snap-in and point to "Computer Account", import the new .crt into the Personal Certificates
    - Go to OCS 2007 Edge Server and choose to Assign a certificate in the certificates page
    Thursday, April 30, 2009 1:17 PM