Not able to install Trusted certificate on SBS2008

Article ID: 2351321

SYMPTOMS


The Small Business Server Add a Trusted Certificate wizard may fail with the following error:

"The imported certificate does not match your Web site. Verify that you selected the correct certificate, and then try again.

If you do not have another certificate file, contact your certificate service provider"



If you examine the trustedcert.log file located at c:\program files\microsoft windows small business server\logs you may see the following error:  

[3304] 100806.233539.2018: IISConfigLib: Enabling SSL with params: website name: SBS Web Applications, ipNumOfInterfaceToBindWithSsl: *, port: 443, host header:
[3304] 100806.233539.2488: CoreNet: Exception Microsoft.WindowsServerSolutions.Common.IWorker.IISConfig.IISConfigException:

[3304] 100806.233539.2598: Exception:
---------------------------------------
An exception of type 'Type: Microsoft.WindowsServerSolutions.Common.IWorker.IISConfig.IISConfigException, IISConfigLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' has occurred.
Timestamp: 08/06/2010 23:35:39
Message: IIS Server Administration threw an exception. See inner exception for details.
Stack:    at Microsoft.WindowsServerSolutions.Common.IWorker.IISConfig.CIisConfigLib.EnableSsl(String webSiteName, String ipNumOfInterfaceToBindWithSsl, Int32 port, String hostHeader, Byte[] certHash, Boolean overRideBinding)
   at Microsoft.WindowsServerSolutions.Networking.Wizards.TCIWizard.TaskProcessRequest.BindLeafCertToIIS()
   at Microsoft.WindowsServerSolutions.Networking.Wizards.TCIWizard.TaskProcessRequest.Run(ITaskDataLink dataLink)
---------------------------------------
An exception of type 'Type: System.ComponentModel.Win32Exception, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' has occurred.
Timestamp: 08/06/2010 23:35:39
Message: A specified logon session does not exist. It may already have been terminated
Stack:    at Microsoft.Web.Management.Utility.HttpApiWrapper.CreateSSLBinding(IPEndPoint endPoint, HTTP_SERVICE_CONFIG_SSL_PARAM_MANAGED allSSLData)
   at Microsoft.Web.Management.Utility.HttpApiWrapper.CreateSSLBinding(IPEndPoint endPoint, Byte[] certificateHash, String certificateStoreName)
   at Microsoft.Web.Administration.BindingManager.Save()
   at Microsoft.Web.Administration.ServerManager.CommitChanges()
   at Microsoft.WindowsServerSolutions.Common.IWorker.IISConfig.CIisConfigLib.EnableSsl(String webSiteName, String ipNumOfInterfaceToBindWithSsl, Int32 port, String hostHeader, Byte[] certHash, Boolean overRideBinding)

[3304] 100806.233539.2838: AdminTME: Status: TaskId = Networking.Wizards.TCIWizard.TaskProcessRequest, RootTaskId = TaskProcessRequestSequential, Success: False, Warning: False, Continue: True, Message: The imported certificate does not match your Web site. Verify that you selected the correct certificate file, and then try again.

If you do not have another certificate file, contact your certificate service provider.

CAUSE

The private key for the certificate may be missing.


RESOLUTION

If the original certificate request was made from the Small Business Server, you may be able to use the following steps to recover the lost private key.  The steps must be run on the computer that generated the certificate request.  If the steps fail, you may have to rerun the Trusted Certificate Wizard and request a new certificate.
  1. Click Start, click Run, type mmc, and then click OK
  2. On the File menu, click Add/Remove Snap-in
  3. In the Add/Remove Snap-in dialog box, click Add
  4. Click Certificates, and then click Add
  5. In the Certificates snap-in dialog box, click Computer account, and then click Next
  6. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish
  7. Click Close, and then click OK
  8. In the Certificates snap-in, expand Certificates, right-click the Personal folder, point to All Tasks, and then click Import
  9. On the Welcome to the Certificate Import Wizard page, click Next
  10. On the File to Import page, click Browse
  11. In the Open dialog box, click the new certificate, click Open, and then click Next
  12. On the Certificate Store page, click Place all certificates in the following store, and then click Browse
  13. In the Select Certificate Store dialog box, click Personal, click OK, click Next, and then click Finish
  14. In the Certificates snap-in, double-click the imported certificate that is in the Personal folder. 
  15. In the Certificate dialog box, click the Details tab. 
  16. Click Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number. 
  17. Open an Administrator command prompt.
  18. At the command prompt, type the following:
    certutil -repairstore my "SerialNumber"

    SerialNumber is the serial number that you wrote down in step 16. 
  19. In the Certificates snap-in, right-click Certificates, and then click Refresh

    The certificate now has an associated private key.

Once the private key is in place, you can rerun the Add a Trusted Certificate wizard and properly install the certificate.
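The check and repair from steps 14 through 19 can also be scripted. The following is an added example, not part of the original article or Microsoft's own code; it assumes PowerShell is available on the server, that the certificate has already been imported into the computer's Personal store (steps 1 through 13), and the parameter and function names are hypothetical.

```powershell
# Added example (not from the KB article). Run from an elevated PowerShell
# prompt on the server that generated the original certificate request.
param(
    # Serial number noted in step 16; spaces copied from the Details tab are tolerated.
    [string]$SerialNumber = $(throw 'Pass -SerialNumber'),
    # Log location as given in the article.
    [string]$LogPath = 'C:\Program Files\Microsoft Windows Small Business Server\Logs\trustedcert.log'
)

# Hypothetical helper: find the certificate in LocalMachine\My by serial number.
function Find-Cert([string]$Serial) {
    $wanted = ($Serial -replace '\s', '').ToUpper()
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber.ToUpper() -eq $wanted }
}

# 1. Confirm the log shows the Win32Exception quoted in the SYMPTOMS section.
if (Test-Path $LogPath) {
    $hits = Select-String -Path $LogPath -SimpleMatch 'A specified logon session does not exist'
    Write-Host "trustedcert.log: $(@($hits).Count) matching exception line(s)"
}

# 2. Locate the imported certificate and see whether the store links it to a key.
$cert = Find-Cert $SerialNumber
if (-not $cert) { throw "No certificate with serial $SerialNumber in LocalMachine\My" }
if (@($cert).Count -gt 1) { throw 'Serial number matches more than one certificate' }

Write-Host "Subject: $($cert.Subject)  NotAfter: $($cert.NotAfter)"
if ($cert.HasPrivateKey) {
    Write-Host 'The store already reports a private key; no repair needed.'
    return
}

# 3. Re-associate the key (the command from step 18), then re-read the store.
& certutil.exe -repairstore my ($SerialNumber -replace '\s', '')
if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE" }

$cert = Find-Cert $SerialNumber
if ($cert.HasPrivateKey) {
    Write-Host 'Private key is now associated; rerun the wizard.'
} else {
    Write-Warning 'Still no private key; a new certificate request may be needed.'
}
```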





MORE INFORMATION

http://support.microsoft.com/kb/889651
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/53dfdb5e-6106-4d99-85bb-da199bc27c7e.mspx?mfr=true
http://technet.microsoft.com/en-us/library/cc535024(EXCHG.80).aspx
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2351321 - Last Review: January 14, 2011 - Revision: 2.0
APPLIES TO
  • Windows Small Business Server 2008 Standard
  • Windows Small Business Server 2008 Premium
Keywords: KB2351321
