Hello.
I am trying to get our server use a SSL certificate from CAcert.org
I followed this: http://www.mailenable.com/Help/Files/ssl.htm
And then tried this: http://www.mailenable.com/kb/Content/Ar ... D=me020479
But i'm getting this error:
11/25/07 12:19:19 **** Error 0x8009030e returned by AcquireCredentialsHandle
11/25/07 12:19:19 **** Error creating credentials object for SSL session
11/25/07 12:19:19 Unable to locate or bind to certificate with name "selvet.dk"
The certificate is added to the Local Computer and not to the local user and the root certificates from CAcert.org are added
Any hints?
SSL certificate not working
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Hi,
Did you lockdown MailEnable by changing the account that the MailEnable services run under to the lower privileged account "IME_SYSTEM"? You may want to review the following article if the above case is true:
http://www.mailenable.com/kb/Content/Ar ... D=me020479
regards,
MailEnable Support.
Did you lockdown MailEnable by changing the account that the MailEnable services run under to the lower privileged account "IME_SYSTEM"? You may want to review the following article if the above case is true:
http://www.mailenable.com/kb/Content/Ar ... D=me020479
regards,
MailEnable Support.
-
- Posts: 13
- Joined: Sun Jul 30, 2006 12:58 pm
At point 4. and 5.
Same errors no matter what. Certificate is installed as administrator to the LOCAL_MACHINE, but some permissions seems off limits, but running the commands as administrator as well didn't do the kick:
C:\WINDOWS>winhttpcertcfg -l -c LOCAL_MACHINE\My -s "selvet.dk"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
C:\WINDOWS>winhttpcertcfg -g -c LOCAL_MACHINE\My -s "selvet.dk" -a Administrator
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
C:\WINDOWS>winhttpcertcfg -g -c LOCAL_MACHINE\My -s "selvet.dk" -a IME_SYSTEM
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
Same errors no matter what. Certificate is installed as administrator to the LOCAL_MACHINE, but some permissions seems off limits, but running the commands as administrator as well didn't do the kick:
C:\WINDOWS>winhttpcertcfg -l -c LOCAL_MACHINE\My -s "selvet.dk"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
C:\WINDOWS>winhttpcertcfg -g -c LOCAL_MACHINE\My -s "selvet.dk" -a Administrator
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
C:\WINDOWS>winhttpcertcfg -g -c LOCAL_MACHINE\My -s "selvet.dk" -a IME_SYSTEM
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=selvet.dk
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
-
- Posts: 46
- Joined: Tue Apr 19, 2005 7:30 pm
Re: SSL certificate not working
Were you ever able to get your SSL Cert installed? I've got the same errors when using winhttpcertcfg.exe
I was thinking I'd just reset the password on the IME_SYSTEM account and then use it to run it under those credentials to see if I can make it work that way. Any suggestions would be very helpful.
I was thinking I'd just reset the password on the IME_SYSTEM account and then use it to run it under those credentials to see if I can make it work that way. Any suggestions would be very helpful.
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: SSL certificate not working
Hi,
Run "process monitor" http://www.systinternals.com and configure the utility to filter on the winhttpcertcfg.exe. Perform the commands to assign permission for the IME_SYSTEM account to reproduce the error and then inspect the process monitor log output and search for "Access denied" errors.
Run "process monitor" http://www.systinternals.com and configure the utility to filter on the winhttpcertcfg.exe. Perform the commands to assign permission for the IME_SYSTEM account to reproduce the error and then inspect the process monitor log output and search for "Access denied" errors.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support