SSL Certificates

NewNetworkAdmin

Technical User
Sep 9, 2004
57
GB
Hi,

Firstly, this is the first time I have attempted to set up SSL certificates so please forgive any confusion or mis-use of terminology!!

I am trying to set up an SSL certificate that will allow users to connect to our Intranet and Outlook Web Access sites securely (using HTTPS). I followed the instructions at under the section Enabling SSL on OWA.

I installed the Microsoft Certificate Service and set it up as an Enterprise Root CA. I then created a new certificate using the Certificate Wizard within IIS using the certification authority of servername.domain.com\servername that appeared in the drop-down list for Certification Authorities. This seemed to go ok and I enabled SSL on the default web site in IIS. Sure enough, when I tried to connect using HTTP I got an error that said the connection had to be secure. I tried HTTPS and it said "Page cannot be found".

I created a new MMC console for the Certification Authority and looked at the "Failed Requests" section. It has about 30 failed requests listed (I've probably tried about 30 times now!). The errors read like this:

Code:
Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: WebServer.

I also tried to submit the certificate request using the IIS web page but I got a similar error message:

Code:
Your certificate request was denied. 

Your Request Id is 32. The disposition message is "Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: WebServer. ". 

Contact your administrator for further information.

I guess that there is something I have not configured properly in the Windows Server 2003 CA configuration but I have no idea what it is. I have searched the Internet for help but cannot find the solution anywhere. If anyone has any ideas where I can find it or what to search for then please point me in the right direction.

Any help greatly received. Thanks in advance.

Andy
 
I tried doing all that too and it gave me headaches. First off even if it did work you would get a certificate error on IE7 because it does not come from a trusted root authority.

I would spring for the $$ and just buy one cheap from It is very cheap and works great.

A+, Network+, MCP
========================================>
My first computer was the Atari 400 (heh)
 
When you get a certificate you use the fully qualified domain name that you are going to use and it has to match on the SSL certificate, otherwise you are going to get errors when a user tries to go to that SSL site. So if when you get your certificate you use as the fqdn mail.domain.com. Most browsers do not trust internal certificates so it's recommended that you get a certificate from a third party like GeoTrust, Thawte, Verisign, GoDaddy, etc. since most all browsers trust those certs.

Once you install it any folder under that website will be able to use that SSL certificate. So if you have OWA then you can do and it will work and use the SSL certificate. You will have to get other SSL certificates if you change the name of the server or you add other websites to that and they don't fall under the default website. In IIS when Exchange is installed it is normally installed under the Default Web Site, so as long as you put your certificate on that Default Web Site, Exchange and any other folder under the website will be able to access it like OMA, ActiveSync, RPC over HTTPS.

Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
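The name-matching rule described in the post above, as an added example that is not part of the original thread: it checks which URLs a certificate issued for one FQDN covers, and goes slightly beyond the post by also handling a single left-most wildcard label. The certificate name list, the URLs (including the Exchange folder paths) and the function names are constructed for illustration; whether the issuing CA is trusted by the browser is a separate check that this code does not perform.

```python
from urllib.parse import urlsplit

# Constructed sample data: DNS names on the certificate and URLs users might type.
CERT_NAMES = ["mail.domain.com"]
SAMPLE_URLS = [
    "https://mail.domain.com/exchange",   # folders under the same site share the cert
    "https://mail.domain.com/oma",
    "https://mail.domain.com/rpc",
    "https://MAIL.domain.com./exchange",  # case and trailing dot do not matter
    "https://servername/exchange",        # short internal name: not on the cert
    "https://intranet.domain.com/",       # different site name: needs its own cert
]


def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard counts only as the whole left-most label, with at least
    # two further labels after it (so "*.com" never matches anything).
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def covered(cert_names, url):
    """True if an HTTPS request for url would pass the host name check."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    # Only the host name is compared; the path after it is irrelevant.
    return any(name_matches(n, parts.hostname) for n in cert_names)


def uncovered_urls(cert_names, urls):
    """URLs that would raise a name-mismatch warning with this certificate."""
    return [u for u in urls if not covered(cert_names, u)]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print("match   " if covered(CERT_NAMES, url) else "MISMATCH", url)
```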
 
Thanks for your help...

ntfsDOTsys: I realise that the users would get a message stating that the certificate is not from a trusted source and I also agree that it would be better to purchase a certificate. However, I would like to get some sort of SSL Certificate up and running allowing the decision to purchase a certificate to be made later.

reynolwi: Thanks for the explanations. I created the certificate using the FQDN that will be used. To be honest, if I can just get a certificate to successfully create I would be happy at this moment!!

Does anyone know what causes the errors in the original post? More importantly, does anyone know how to get rid of them?!

Thanks

Andy
 
Thanks for all your help on this. I re-posted this message in the IIS forum as this is probably where it should have gone in the first place!! If anyone's interested in how I fixed this issue (well, got round it anyway), click here: thread41-1328475

Andy
 