Windows Server

Tony Su · Guest

IIRC, Docs describe only the requirement to be validated and support TLS.

Purchased a commercial certificate, but installing the certificate generates
the following error

Live Communications Server requires a certificate that has a private key.
Please select a new one.

What is this private key required to do?
Is there a specific laundry list of requirements I can use in requesting a
certificate?

TIA,
--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect

S. Pidgorny · Guest

Private key is required to decrypt traffic that is encrypted with the public
key. Signed public key is the certificate. Further information and links
please find at http://en.wikipedia.org/wiki/Pki

The error message that you're getting is self-explanatory: you don't have
the private key in the store where you have installed the certificate. As
such, you won't be able to use the certificate for any TLS function, or even
export if to a PKCS #12 file.

Which commercial CA have you used to request the certificate, what type of
certificate have you chosen and how exactly have you enrolled? It is only
possible to provide detailed help having those details.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

Tony Su · Guest

Hmmm...
I thought I had purchased the correct certificate, now I'm reading the cert
description again and ai don't see what I thought I saw before (GoDaddy High
Assurance Certificate)

https://www.godaddy.com/gdshop/ssl/high.asp?se=%2B&app%5Fhdr=

I received a second certificate I haven't installed yet, am not sure whether
this other certificate is what is required. Is the Private Key supposed to be
embedded in the current certificate or in another certificate?

Tony

S. Pidgorny · Guest

Tony,

the private key is never sent to the CA - if you're using Windows client to
enrol for the cert, the private key is on that system, perhaps - in the user
certificate store.

I wasn't able to get to the enrollment at GoDaddy - they ask for the credit
card details first. You might wish to call their support and get
step-by-step instructions.

Usually you have to mark private keys as exportable during the enrollment,
and after receiving the cert - export it to a PKCS #12 (.pfx/.p12) file, and
import it on the server. But, again, you better get instructions from the
vendor.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

Tony Su · Guest

Thx, I'll see what can be done. Will post back results if I can get this
resolved.

Tony

Tony Su · Guest

GoDaddy says that all their certificates cannot be used for TLS, only for SSL.

Any suggestions from anybody on a Commercial CA who issues certificates
which can be used for TLS (LCS)?

Tony

Greg · Guest

We got our certificates from VeriSign and they work for TLS.

S. Pidgorny · Guest

Tony Su · Guest

Yeah,
I have since discovered that <every> CA in the authentication chain has to
be configured individually and manually to make things work, it's not
sufficient to configure only the cert installed into LCS.

And, after I determined that was the issue I went back and looked at
GoDaddy's cert and saw that it should work, too.

Thx all for posting,
Tony

lozzmo · Joined: 17 Aug 2006 Posts: 1

Tony, can you please let me know what you did to fix it? We just installed LCS, have a GoDaddy cert, and have exactly the same situation as yourself.

Thanks,

Lozzmo

	Windows Server Forum Index -> Live Communications Server	All times are GMT
Page 1 of 1