# Certificate Expired. Renewing says "request denied"



## Eclipse2003

I am trying to renew two certificates that expired a couple of days ago. I am not very familiar with this but I went to renew and selected the CA that it gave me and when I click Finish it says "the certificate request was submitted to the online authority, but was not issued. The request was denied." I am assuming maybe because it has already expired?

My question is, how do I renew these certificates? We are running Exchange 2007 and Server 2008 Standard SP2. Any help would be appreciated. Thanks!


----------



## IT-Barry

Usually buy them from an online seller such as godaddy.com or someone similar.

Should be able to renew via the site you bought them from.


----------



## Eclipse2003

I wasn't there when they originally purchased them. Is there a way on the server to find out where they were originally purchased from or would they have to pull that from their records?


----------



## IT-Barry

Should be able to find who issued it by going to Start > Administrative Tools > IIS Manager (not the 6.0 one).

Drill into your server name > find "Server Certificates".

Find the name of the certificate that's expired, should see who issued it in the "Issued By" column.

Not sure how you renew it without having access to the account that bought it, unless the business email of the company bought them in which case happy days.

If you don't have access, just as easy to buy a new certificate and set it up again.

*EDITED: For what it's worth.*


----------



## Eclipse2003

It says issued by "immg-server-ca". Immg is our domain and server is the server name. Does this mean that it was issued by the server as opposed to a company like GoDaddy? If so, how can I renew it?


----------



## IT-Barry

What's the certificate for? What's the "Issued To" column say?

Load up Certification Authority, can find it by searching for it.

Check Failed Requests and see what the reason is.


----------



## Eclipse2003

Issued to remote.domain.com and sites

Does that help? All it tells me is "request denied"


----------



## IT-Barry

> Verify that the Autoenrollment Policy is configured on the Enterprise CA
> 
> Before renewing or reissuing client authentication certificates on a DC server, you need to verify that autoenrollment is correctly configured. On the server hosting the Enterprise CA:
> 
> 1. Load the Certificate Templates MMC
>    (Start, Run, MMC, File, Add/Remove Snap-in, Add, Certificate Templates, Add, Close, OK).
> 2. Find the Domain Controller Authentication template and double-click it.
> 3. Select the Security tab.
> 4. Find the Domain Controllers entry and make sure Enroll and Autoenroll are checked in the permissions.
> 5. Click OK.





> Steps to replace an expired certificate
> 
> On the DC server:
> 
> 1. Load the Certificates MMC and then target it at the computer account
>    (Start, Run, MMC, File, Add/Remove Snap-in, Add, Certificates, Add, Computer Account, Next, Finish, Close, OK).
> 2. Expand Certificates (Local Computer), then the Personal subfolder, then the Certificates folder.
> 3. Locate the Client Authentication certificate for the Domain Controller and verify the expiration date.
> 4. If the certificate has expired, right-click the certificate, choose All Tasks and then Request Certificate with Same Key ...
>    Complete the wizard.
> 5. Run a GPUPDATE /FORCE or reboot the DC server to force autoenrollment to replace the expired certificate.
> 6. Verify that a replacement certificate has been issued to the DC server in the Certificates folder (step 2).
> 7. If a replacement certificate was not issued, delete the expired certificate and rerun a GPUPDATE /FORCE.


Hope everything works for you.


----------
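
Added example, not part of the original thread: a PowerShell equivalent of the "locate the certificate and verify the expiration date" step quoted above, which also shows the "Issued By" value asked about earlier in the thread. The function name `Get-CertExpiryReport`, the 30-day warning window and the output property names are assumptions for illustration, and it assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example (not from the thread): list certificates in the computer's
# Personal store that are expired or close to expiry, with their issuer.
# Function name, parameters and the 30-day window are illustrative assumptions.
function Get-CertExpiryReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # Certificates (Local Computer) > Personal
        [int]$WarnDays = 30
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Collect Enhanced Key Usage names (e.g. Server/Client Authentication).
        $eku = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) {
                    if ($oid.FriendlyName) { $eku += $oid.FriendlyName } else { $eku += $oid.Value }
                }
            }
        }

        # NotAfter and Get-Date are both local time, so they compare directly.
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        if ($daysLeft -lt 0) {
            $status = 'EXPIRED'
        } elseif ($daysLeft -le $WarnDays) {
            $status = 'EXPIRING'
        } else {
            $status = 'OK'
        }

        New-Object PSObject -Property @{
            Status        = $status
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer          # same value as the "Issued By" column
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            SelfIssued    = ($cert.Subject -eq $cert.Issuer)
            HasPrivateKey = $cert.HasPrivateKey   # needed to renew with the same key
            EKU           = ($eku -join ', ')
            Thumbprint    = $cert.Thumbprint
        }
    } | Sort-Object NotAfter
}

# Show only the certificates that need attention.
Get-CertExpiryReport | Where-Object { $_.Status -ne 'OK' } |
    Format-List Status, Subject, Issuer, NotAfter, DaysLeft, SelfIssued, HasPrivateKey, EKU, Thumbprint
```

An `Issuer` that names a CA in your own domain means the certificate came from an internal certification authority rather than a commercial one, so the renewal request goes to that CA.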



## Eclipse2003

Does everyone need to be logged off the network when I do this?


----------



## IT-Barry

I wouldn't say so, it certainly shouldn't affect them in any way.

Wouldn't hurt to do it out of hours, but either way shouldn't be an issue, it may take some time for the certificates to repopulate to the users/remote, so doing it at night leaving it to work its magic.


----------

