- Problem with blocked e-mail
There could be a number of reasons why the e-mails we send during the ordering process have been stopped by your mail server.
The e-mails contain an algorithm which is seen by some mail servers as a virus type attachment, or from time to time e-mails are sent out for information or customer satisfaction purposes and the sending address could possibly have been blocked by your e-mail administrator. For security reasons we do not have the ability to either intercept, alter the destination e-mail address. The only option we can give you is to apply for a "free replacement" (this will give you the option to change the technical e-mail address), to qualify for this the certificate must be issued within the last thirty days. If you are not within this period you will need to revoke the existing certificate, apply for a refund then re-enrol. Ideally the best option would be to contact the mail server administrator, they may have the ability to pass the e-mail on to you.
- When should I start the renewal process? You should start the renewal process no more than one month before your current certificate is due to expire. The new certificate will expire 1 or 2 years after the expiry date of your current certificate. Your new certificate may overlap your old certificate by as much as 30 days.
- How do I renew/replace my Certificate if I have lost my challenge phrase/not accepted?
If you encounter a problem, please contact the Trust Services Customer Support team on 0870 608 7878 or via email at support@trustwise.com.
- How do I renew my certificate if the server common name has changed?
As you are changing the Distinguished Name this is not technically classified as a renewal.
The process to follow is to enrol for an additional certificate and, as long as the company name is the same, the price for an additional certificate is the same price as a renewal.
Certificate renewal using IIS5?
Renewing a web server certificate on Microsoft IIS 5.0 when there is an existing certificate on the website.
When you have an existing web server certificate on Microsoft IIS 5 and need to renew that certificate you will find that you are unable to generate a CSR (Certificate Signing Request). When you go to Directory Security with IIS 5 and go to Server Certificate there is only two options: Renew or Remove the current certificate.
See Below
The renew function will not issue you with a new CSR. If you remove your old certificate, you will be able to generate a CSR, however this will leave your website without SSL until you get the renewed certificate installed. The Solution to this is to temporarily create a 'dummy site'. It does not need to be started or have any bodytext.
Using this 'dummy site', you should:
1. Generate a new CSR
2. Enrol through the BT Trust Services website
3. Install the certificate to the 'dummy site' in the usual manner Once you have the installed certificate you can then migrate it across to your working one. To do this you need to go into the properties of your production website and go to Directory Security.
Then go to Server Certificate and select next on the splash screen. You will be given three options you need to select the bottom of Replace the current certificate.
This will then pop up with a box with all the other certificates installed on your server. Select the Certificate you have just installed (on the dummy site) and continue though the wizard.
The certificate details will be displayed, make sure these are correct for your website. Finish the wizard and your correct certificate will be installed on your production web site.
- Renewing a certificate using the microsoft IIS5 renewal wizard?
This is an issue within IIS where the application enters our CA (Certification Authority) signature as an additional OU field, and then includes it in your details using the renewal process wizard (unfortunately we need your initial details which did not include our signature).
To work around this problem without having to remove the existing certificate from your web site, do the following
- From the MMC, right click the 'Default Web Site' and click on 'New--->Site' Create a new site. You can give it a temporary name.
- Right click on this new site and go to 'Properties-->Directory Security-->Server certificate' Select 'create new key' and follow the wizard to create a new CSR, ensure the details are the same as the existing certificate. Then use the newly created CSR and continue with the normal renewal process.
- When you receive the certificate back from TrustWise, right click on your new site with the temporary name and go to 'Properties--Directory Security--Server certificate' and follow the wizard to 'process the pending request' Now back up the certificate as follows.
Step 1. From "Start", "Run", enter "mmc", select "ok" (this will bring up your Microsoft Management Console window).
Step 2. From the MMC select "console" the "Add/Remove Snap-in" (this will bring up your Add/Remove Snap-in window).
Step 3. From the "Standalone" tab select "add".
Step 4. Select the "Add" button in the Add/Remove snap-In widow. The Add Standalone Snap-In window. The Add Standalone Snap-In window is now displayed.
Step 5. Select "Certificates" from the Add Standalone Snap-In window".
Step 6. Select the "Add" button in the Add Standalone Snap-In window.
Step 7. From the new "Certificates Snap-In page" select the "Computer Account" radio button.
Step 8. Select the "Next" button in the Certificates Snap-In window.
Step 9. Select "Local Computer" radio button in the Select Computer window.
Step 10. Select the "Finish" button in the Select Computer window.
Step 11. Back in the "Add Standalone Snap-in" window select "Close".
Step 12. Back in the "Add/Remove Snap-in" window select "ok". (you will now see you have added the certificate snap-in to your console).
Step 13. N.B If you wish to keep this option open then you will need to save the console settings (selecting "console" then "save").
Step 14. From the "Console Root\Certificate - Current User" highlight "Certificates" then using the mouse right click function you will have the option to "Find Certificates".
Step 15. In the Find Certificates window, select the "Entire Certificate Store" from the "Find in" pull down list. In the Contains field, put in a name that identifies your certificate e.g. THE COMMON NAME. Select "Issued To" from the "Look in Field" pull down list.
Step 16. Select the "Find Now" button in the Find Certificates window.
Step 17. The search results will show your server certificate. Select the certificate with the right mouse button and select "Export" from the pop up menu.
Step 18. The Certificate Export Wizard window is now displayed. Select the "Next" button.
Step 19. Select the "Yes" radio button in the Certificate Export Wizard window.
Step 20. Select the "Next" button in the Certificate Export Wizard window.
Step 21. Select the "Personal Information Exchange" radio button in the Certificate Export Wizard window.
Step 22. Tick the "Include all certificates in the certificate path if possible" box in the Certificate Export Wizard window.
Step 23. Tick the "Enable strong encryption" option in the Certificate Export Wizard window.
Step 24. Select the "Next" button in the Certificate Export Wizard window.
Step 25. Enter you transport "Password" and again confirm. YOU MUST REMEMBER YOUR PASSWORD!!
Step 26. Select the "Next" button in the Certificate Export Wizard window.
Step 27. Browse to the file path where you wish to store the certificate. The Save As window appears. Give the certificate a suitable name .
Step 28. Select the "Save" button in the Save AS window.
Step 29. Select the "Next" button in the Certificate Export Wizard window.
Step 30. Select the "Finish" button in the Certificate Export Wizard window.
Step 31. The Export was Successful dialog window appears. Select the "OK" button.
Then import the certificate onto the live site as follows: -
1. Open the Internet Services Manager.
2. Select the Web site that you want to enable SSL on.
3. Open the properties of that Web site and click the Directory Security tab.
4. Under the Secure Communications section, click Server Certificate to open the new Web Site Certificate Wizard.
5. Click Next, and then choose the Import a certificate from a key manager backup file option.
6. Click Next.
7. Input the location of your backup *.key file.
8. Click Next.
9. Enter the password that you set when you made the backup and click Next.
10. Double-check the summary data to be sure this is the proper key you want to import.
11. Click Next.
12. Ensure the certificate is correctly configured for SSL and restart the service for this to take affect.
