Thawte certificate issue with TMG web listener


  • Thursday, January 10, 2013 11:04 AM

    Hi,

    I have just bought a new SSL certificate for the ssl.xxx.x domain from Thawte. We already have an SSL certificate installed on the TMG server, which is running fine and is going to expire on 15/1/13.

    I have installed the new certificate on Windows 2008 R2 (SP1). But when I go to the web listener and select the certificate, the certificate is marked red, its validity is shown as invalid, and I found the following error in the box below:

    Server name    Certificate store                              Private key
    Edn-tmgs-01    Correctly installed (Local Machine\Personal)   Incorrect key type

    I can't understand why it's reporting an incorrect key type.

    I also tried to troubleshoot via the certutil command but received the following error:

    system32>certutil -f -repairstore my 702xxxxxxxxxxxxxxxxx

    ================ Certificate 0 ================
    Serial Number: 702axxxxxxxxxxxxxxxxxxxxx
    Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O=Thawte, Inc., C=US
     NotBefore: 1/8/2013 12:00 AM
     NotAfter: 1/16/2016 11:59 PM
    Subject: CN=ssl.axiossystems.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html
    Non-root Certificate
    Template:
    Cert Hash(sha1): b1 ca xxxxxxxxxxxxxxxxxx
      Key Container = {8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
      Unique container name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9-2e1c8e5f93ec
      Provider = Microsoft Strong Cryptographic Provider
    Private key is NOT exportable
    Signature test passed
    CertUtil: -repairstore command completed successfully.

    Please help me rectify the issue.

    Thanks

    Mahmood


All Replies

  • Thursday, January 10, 2013 1:36 PM
     Answered

    I would say that you have a CNG/v3 certificate (assuming that this actually is a correct server certificate).

    For ref see http://blogs.technet.com/b/yuridiogenes/archive/2010/07/20/incorrect-key-type-when-creating-a-web-lister-on-tmg-using-v3-certificate.aspx

    You need to get a v2 version of the certificate, contact Thawte for support.


    Hth, Anders Janson Enfo Zipper

  • Tuesday, January 15, 2013 11:56 PM

    This is Bryan from Thawte Tech Support. If you ran the certutil command and it completed successfully, it means you have paired the thumbprint to the private key and your certificate should be valid.

    However, if you are unable to use the certificate, it's possible that something may be corrupted. In that case, you can create a new CSR and do a free replacement on Thawte's website. You can log into your Thawte certificate center and do the replacement from there. To log in to your Thawte account, please follow this link:

    https://ssl-certificate-center.thawte.com/process/retail/console_login?application_locale=THAWTE_US
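Editor's note, with an added example that is not from either reply above nor from Microsoft or Thawte. Anders's answer refers to a certificate whose private key lives in a CNG Key Storage Provider (the "v3 template" case), which a TMG 2010 web listener cannot use; Bryan's reply suggests generating a fresh CSR and doing a replacement. The PowerShell below, run in an elevated Windows PowerShell session on the TMG server, does both halves: it reports where the key behind an installed certificate is stored (legacy CryptoAPI CSP or CNG KSP), its KeySpec and exportability, and it generates a replacement CSR through a legacy CSP with KeySpec = 1 (AT_KEYEXCHANGE) so the reissued certificate binds to a key SChannel and TMG can use. The KeySpec check is worth having because a CSP-stored key can still fail with "Incorrect key type" if it was created as AT_SIGNATURE; certutil prints "Encryption test passed" for an AT_KEYEXCHANGE key and "Signature test passed" for an AT_SIGNATURE key. The thumbprint, the FQDN and the file paths below are placeholders, not values from the thread.

```powershell
# Added example (editor's, not the poster's, Microsoft's or Thawte's code).
# Assumptions: Windows Server 2008 R2 with Windows PowerShell; the certificate sits
# in LocalMachine\My; $Thumbprint and the FQDN are placeholders to replace.
$Thumbprint = 'B1CA000000000000000000000000000000000000'   # placeholder, not the real hash

function Get-ServerKeyInfo {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $wanted = ($Thumbprint -replace '\s', '').ToUpper()
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) { throw "No certificate with thumbprint $wanted in LocalMachine\My" }

    # Server Authentication EKU (1.3.6.1.5.5.7.3.1) is required for a web listener.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = [bool]($ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

    $info = [ordered]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        ServerAuthEku = $serverAuth
        HasPrivateKey = $cert.HasPrivateKey
        KeyStore      = 'unknown'
        Provider      = $null
        KeySpec       = $null
        Exportable    = $null
    }

    # On .NET Framework, X509Certificate2.PrivateKey yields an RSACryptoServiceProvider
    # only for legacy CryptoAPI (CSP) keys. For a CNG/KSP key the getter throws or
    # returns nothing while HasPrivateKey is still True: that is the "v3" case.
    $csp = $null
    try { $csp = $cert.PrivateKey } catch { $csp = $null }

    if ($csp -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $c = $csp.CspKeyContainerInfo
        $info.KeyStore   = 'CSP (CryptoAPI) - storage type TMG can use'
        $info.Provider   = "$($c.ProviderName) (type $($c.ProviderType))"
        $info.KeySpec    = $c.KeyNumber      # Exchange = AT_KEYEXCHANGE (needed), Signature = AT_SIGNATURE (rejected)
        $info.Exportable = $c.Exportable
    } elseif ($cert.HasPrivateKey) {
        $info.KeyStore = 'KSP (CNG) - TMG web listener cannot use this key'
    } else {
        $info.KeyStore = 'no private key bound to this certificate'
    }
    [pscustomobject]$info
}

function New-TmgCompatibleCsr {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string]$InfPath = (Join-Path $env:TEMP "$Fqdn.inf"),   # assumed paths
        [string]$CsrPath = (Join-Path $env:TEMP "$Fqdn.req")
    )
    # A legacy CSP (PROV_RSA_SCHANNEL = 12) plus KeySpec = 1 produces a CryptoAPI
    # AT_KEYEXCHANGE key; a KSP-generated key is what the listener rejects.
    $inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 2048
KeyAlgorithm = RSA
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10
HashAlgorithm = sha256

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
    Set-Content -Path $InfPath -Value $inf -Encoding ASCII
    & certreq.exe -new $InfPath $CsrPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
    Get-Content -Path $CsrPath -Raw    # PEM CSR to paste into the CA's replacement form
}

# Usage: inspect the problem certificate, then (if replacing) generate the new CSR.
Get-ServerKeyInfo -Thumbprint $Thumbprint | Format-List
# New-TmgCompatibleCsr -Fqdn 'ssl.example.com'      # placeholder FQDN
# After the CA returns the issued certificate:  certreq -accept issued.cer
# If the key does not bind automatically:       certutil -repairstore my <thumbprint>
```

Run the CSR step on the same machine that will host the listener, because certreq -new creates the private key in that machine's store and certreq -accept must find it there; only then export the PFX if a second TMG array member needs it.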