locked
Installing GoDaddy SSL in IIS7 RRS feed

  • Question

  • Hi,

    Last night I purchased a GoDaddy Turbo SSL with the intention to properly setup a certificate authority assigned SSL to our Exchange Server 2007's Outlook Web Access. Up until this point, we've only had a self assigned/generated certificate because it's only been online for about a week, and there are very few users on the system at this point.

    I started reading GoDaddy's instructions on installing the SSL in IIS7, and after following all of the instructions, I still appear to have some issues with getting it properly installed on the server. GoDaddy gives me the following instructions:

    Once your SSL certificate has been signed and issued, will send you an e-mail message that allows you to download the signed certificate and our intermediate certificate bundle , both of which must be installed on your Web site.

    Note: You must use the provided certificate-download link within 30 days of receiving the certificate-issuance e-mail message. If the download link is allowed to expire, you must request a certificate re-key in order to retrieve your signed SSL certificate.

    ---

    Installing SSL Certificate and the Intermediate Certificate Bundle

    Before you install your issued SSL certificate you must download and install our intermediate certificate bundle on your Web server. You may also download the bundle from the repository.

    Once you have downloaded and saved the certificate bundle, please follow the instructions below to install it.

    Installing Intermediate Certificate Bundle

    1. Type mmc in the Start search box after pressing the Start menu to start the Microsoft Management Console (MMC).
    2. In the Management Console, select File then Add/Remove Snap In.
    3. In the Add or Remove Snap-ins dialog, select Certificates then click the Add button.
    4. Choose Computer Account then click Next.
    5. Choose Local Computer, then click Finish.
    6. Close the Add or Remove Snap-ins dialog and click OK to return to the main MMC window.
    7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
    8. Right-click on Intermediate Certification Authorities and choose All Tasks, then click Import.
    9. Follow the wizard prompts to complete the installation procedure.
    10. Click Browse to locate the certificate file. Change the file extension filter in the bottom right corner to be able to select the file. Click Open after selecting the appropriate file.
    11. Click Next in the Certificate Import Wizard.
    12. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next. Click Finish.

      NOTE: If the Starfield Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder.

    13. Expand the Trusted Root Certification Authorities folder
    14. Double-click the Certificates folder to show a list of all certificates.
    15. Find the StarfieldClass 2 Certification Authority certificate.
    16. Right-click on the certificate and select Properties.
    17. Select the radio button next to Disable all purposes for this certificate.
    18. Click OK.

    NOTE: Do not disable the Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.

    Installing the SSL Certificate

    1. Click the Start menu and select Administrative Tools.
    2. Start Internet Services Manager and click the Server Name.
    3. In the center section, double click on the Server Certificates button in the Security section.
    4. From the Actions menu click Complete Certificate Request. This will open the Complete Certificate Request wizard.
    5. Enter the location for the certificate file. The file extension may be .txt or .crt instead of .cer (search for files of type all files).
    6. Enter a Friendly name.
    7. When the correct certificate file is selected, click OK.
    8. After the certificate has been installed you need to assign it to the correct Web site in IIS From the Connections menu in the main Internet Information Services (IIS) Manager windows, select the name of the server where you installed the certificate.
    9. Under Sites select the site to be secured with the SSL certificate.
    10. From the Actions menu, click Bindings.This will open the Site Bindings window.
    11. In the Site Bindings window, click Add. This opens the Add Site Binding window.
    12. Select https from the Type menu. The IP address should either stay as All Unassigned or be the IP address of the site. Set the port to 443.
    13. Select the SSL Certificate you just installed from the SSL Certificate menu. Click OK.

      I follow those instructions exactly as they are, but when I get to the part of completing the certificate request in the IIS7 Certificates area, I get an error message of ""CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)"
    Can anyone explain to me what I'm doing wrong? I'm really puzzled here.

    Saturday, October 4, 2008 3:34 PM

Answers

  • I would likely head over to http://forums.iis.net/ and post this question there.

    While we utilize IIS as part of some NAP solutions, the troubleshooting of IIS is probably better left to the IIS experts.  :)

    I did some looking and there a whole host of IIS 7 forums over there.

    Good luck!

    -Chris
    -Chris Chris.Edson@online.microsoft.com * SDET II, Network Access Protection Platform Team * Remove the "online" make the address valid. ** This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, October 8, 2008 1:08 AM