Go Back   Tech Support Forum > Microsoft Support > Windows Servers

Certificate Expired. Renewing says "request denied"

This is a discussion on Certificate Expired. Renewing says "request denied" within the Windows Servers forums, part of the Tech Support Forum category. I am trying to renew two certificates that expired a couple of days ago. I am not very familiar with


Closed Thread
 
Thread Tools Search this Thread
Old 01-16-2012, 02:01 PM   #1
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,247
OS: XP



I am trying to renew two certificates that expired a couple of days ago. I am not very familiar with this but I went to renew and selected the CA that it gave me and when I click Finish it says "the certificate request was submitted to the online authority, but was not issued. The request was denied." I am assuming maybe because it has already expired?

My question is, how do I renew these certificates? We are running Exchange 2007 and Server 2008 Standard SP2. Any help would be appreciated. Thanks!

__________________
Eclipse2003 is offline  
Old 01-16-2012, 02:14 PM   #2
Networking Team |Tech
 
IT-Barry's Avatar
 
Join Date: Sep 2010
Location: Falkirk, Scotland
Posts: 1,029
OS: XP, Win7



Usually buy them from a online seller such as godaddy.com or someone similar.

Should be able to renew via the site you bought them from.

__________________

MCP | MCDST | MCSA
IT-Barry is offline  
Old 01-16-2012, 03:36 PM   #3
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,247
OS: XP



I wasn't there when they originally purchased them. Is there a way on the server to find out where they were originally purchased from or would they have to pull that from their records?
__________________
Eclipse2003 is offline  
Old 01-16-2012, 04:19 PM   #4
Networking Team |Tech
 
IT-Barry's Avatar
 
Join Date: Sep 2010
Location: Falkirk, Scotland
Posts: 1,029
OS: XP, Win7



Should be able to find who issued it by going to Start > Administrative Tools > IIS Manager (not the 6.0 one)

Drill into your server name > find "Server Certificates"

Find the name of the certificate thats expired, should see who issued it in the "issued by" column.

Not sure how you renew it without having access to the account that bought it, unless the business email of the company bought them in which case happy days.

If you dont have access just as easy to buy a new certificate and set it up again.

EDITED: For what its worth.
__________________

MCP | MCDST | MCSA
IT-Barry is offline  
Old 01-16-2012, 04:53 PM   #5
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,247
OS: XP



It says issued by "immg-server-ca". Immg is our domain and server is the server name. Does this mean that it was issued by the server as opposed to a company like GoDaddy? If so, how can I renew it?
__________________
Eclipse2003 is offline  
Old 01-18-2012, 05:26 PM   #6
Networking Team |Tech
 
IT-Barry's Avatar
 
Join Date: Sep 2010
Location: Falkirk, Scotland
Posts: 1,029
OS: XP, Win7



Whats the certificate for? whats the issued to column say.

Load up certification authority, can find it by searching for it.

Check failed request and see what the reason is.
__________________

MCP | MCDST | MCSA
IT-Barry is offline  
Old 01-19-2012, 08:15 PM   #7
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,247
OS: XP



Issued to remote.domain.com and sites

Does that help? All it tells me is "request denied"
__________________
Eclipse2003 is offline  
Old 01-20-2012, 06:50 AM   #8
Networking Team |Tech
 
IT-Barry's Avatar
 
Join Date: Sep 2010
Location: Falkirk, Scotland
Posts: 1,029
OS: XP, Win7



Quote:
Verify that the Autoenrollment Policy is configured on the Enterprise CA

Before renewing or reissuing client authentication certificates on a DC server, you need to verify that autoenrollment is correctly configured. On the server hosting the Enterprise CA:

Load the certificate template MMC
(Start run, MMC, File Add/Remove Snap-in, Add, Certificates Templates, Add, Close, OK)
Find the Domain Controller Authentication template and double click
Select the Security TAB
find the domain Controllers entry and make sure Enroll and Autoenroll is checked in the permissions

Click OK.
Quote:
Steps to Replace an expired certificate

On the DC server:

Load the Certificates MMC and then target it at the computer account
(Start run, MMC, File Add/Remove Snap-in, Add, Certificates, Add, Computer Account, Next, Finish, Close, OK)

Expand the Certificates (Local Computer) and then the Personal subfolder, then the Certificates folder.

Locate the Client Authentication certificate for the Domain Controller and verify the Expiration date.

If the certificate has expired, right-click the certificate, choose All Tasks and then Request Certificate with Same Key ...
Complete the wizard.

Run a GPUPDATE /FORCE or reboot the DC server to force autoenrollment to replace the expired certificate.

Verify that a replacement certificate has been issued to the DC server in the Certificates folder (step 2).

If a replacement certificate was not issued, delete the expired certificate and rerun a a GPUPDATE /FORCE.
Hope everything works for you.
__________________

MCP | MCDST | MCSA
IT-Barry is offline  
Old 01-20-2012, 12:51 PM   #9
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,247
OS: XP



Does everyone need to be logged off the network when I do this?
__________________
Eclipse2003 is offline  
Old 01-20-2012, 03:41 PM   #10
Networking Team |Tech
 
IT-Barry's Avatar
 
Join Date: Sep 2010
Location: Falkirk, Scotland
Posts: 1,029
OS: XP, Win7



I wouldnt say so, it certainly shouldnt effect them in anyway.

Wouldnt hurt to do it out of hours, but either way shouldnt be an issue, it may take some time for the certificates to repopulate to the users/remote, so doing it at night leaving it to work its magic.

__________________

MCP | MCDST | MCSA
IT-Barry is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
security certificate expired
I couldn't get into my aol account. The message read security certificate expired. I want to clean my computer and purchase anti-virus protection. Any suggestions?
ann marie shifo General Computer Security 3 03-01-2011 10:46 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 09:29 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts