Comments on: Updating Subject Alternate Names in an Exchange certificate http://projectdream.org/wordpress/2009/11/02/updating-subject-alternate-names-in-an-exchange-certificate/ The experiences of an SMB IT technician Mon, 16 Aug 2010 07:18:16 +0000 hourly 1 http://wordpress.org/?v=3.0 By: MadsD http://projectdream.org/wordpress/2009/11/02/updating-subject-alternate-names-in-an-exchange-certificate/comment-page-1/#comment-4522 MadsD Sat, 12 Dec 2009 09:44:50 +0000 http://projectdream.org/wordpress/?p=639#comment-4522 Yep, my private key was on multiple lines. The version of Notepad++ is 5.5.1 Anyway, issue resolved another way! 1. In GoDaddy - Manage the SSL and add your Subject Alternate Names (SANs) you want. ... time goes by.. so slowly... time goes by... so slowly... 2. When GoDaddy has approved your SANs, go create a New-ExchangeCertificate with the exact SANs you want in the new certificate! Search Bing/Google for "Digicert SAN tool" and use that.. it's marvellous. 3. Use GoDaddys Re-Key feature, and paste the new CSR in. 4. Presto, Certificate re-keyed.. go download, and Import-ExchangeCertificate as you'd do. For your own sake, remove the old certificate afterwards :) Regards MadsD :) Yep, my private key was on multiple lines. The version of Notepad++ is 5.5.1

Anyway, issue resolved another way!

1. In GoDaddy – Manage the SSL and add your Subject Alternate Names (SANs) you want.
… time goes by.. so slowly… time goes by… so slowly…
2. When GoDaddy has approved your SANs, go create a New-ExchangeCertificate with the exact SANs you want in the new certificate! Search Bing/Google for “Digicert SAN tool” and use that.. it’s marvellous.
3. Use GoDaddys Re-Key feature, and paste the new CSR in.
4. Presto, Certificate re-keyed.. go download, and Import-ExchangeCertificate as you’d do.

For your own sake, remove the old certificate afterwards :)

Regards
MadsD :)

]]> By: Lukas Beeler http://projectdream.org/wordpress/2009/11/02/updating-subject-alternate-names-in-an-exchange-certificate/comment-page-1/#comment-4521 Lukas Beeler Sat, 12 Dec 2009 09:38:38 +0000 http://projectdream.org/wordpress/?p=639#comment-4521 MadsD, the only thing i can think of is that you used a text editor that was not LF-aware - was your private key on multiple lines? Or you've exported the wrong certificate/private key pair. Or maybe there's an issue with the x64 version of OpenSSL. MadsD, the only thing i can think of is that you used a text editor that was not LF-aware – was your private key on multiple lines?

Or you’ve exported the wrong certificate/private key pair. Or maybe there’s an issue with the x64 version of OpenSSL.

]]> By: MadsD http://projectdream.org/wordpress/2009/11/02/updating-subject-alternate-names-in-an-exchange-certificate/comment-page-1/#comment-4520 MadsD Sat, 12 Dec 2009 09:28:39 +0000 http://projectdream.org/wordpress/?p=639#comment-4520 Dammit, I can't get it to work. OpenSSL just states that "No certificate matches private key" 1. I exported my old cert 2. Issued openssl to get out.txt 3. Opened out.txt with Notepad++, found the parts stating -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- and saved it to key.pem (both lines included) 4. Issued openssl with my newly downloaded crt-file and inkey key.pem and out to my newcert.p12, this part fails with the abovementioned message What am I doing wrong? :| I'm on Windows 7 x64 (took OpenSSL x64 and the corresponding 64-bit VS2008 Redistributables. Regards MadsD Dammit, I can’t get it to work.

OpenSSL just states that “No certificate matches private key”
1. I exported my old cert
2. Issued openssl to get out.txt
3. Opened out.txt with Notepad++, found the parts stating —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– and saved it to key.pem (both lines included)
4. Issued openssl with my newly downloaded crt-file and inkey key.pem and out to my newcert.p12, this part fails with the abovementioned message

What am I doing wrong? :|
I’m on Windows 7 x64 (took OpenSSL x64 and the corresponding 64-bit VS2008 Redistributables.

Regards
MadsD

]]>