?
Solved

Is SBS 2003 server's Certificate, that is used by the IIS for SSL, required for the Server's trust with the client?

Posted on 2008-06-16
4
Medium Priority
?
619 Views
Last Modified: 2008-06-30
We've recently replaced the local SBS 2003 (not R2) server's motherboard and reinstalled the server.
The current motherboard is Intel's S3210SHLC motherboard that comes bundled with Intel's management and monitoring system - "Intel System Management Software 2.0" which I'd like to install.

The problem is that, when installing this system, it throws the following error:
"Setup can not continue because either:
1. SSL is enabled on the defualt web site with a self-signed certificate. To continue disable SSL or change the certificate.
2. There is not a default web site. Please reinstall IIS."

Now, since the IIS is installed and working and there is a default web site, I guess the SSL Certificate is the issue here. Unfortunately, I don't know how to disable the SSL requirement for the defualt web site and I don't want to delete the certificate as it might be required for the every day trust / authentication between the server and the client work stations (i.e. domain controller's sercurity ).

I'd appreciate if you could advice me with this issue ASAP.
0
Comment
Question by:Tomer73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 25

Expert Comment

by:kieran_b
ID: 21791933
The SSL certificate is only required for OWA and RPC/HTTP - if you remove it, you can break those things.

You could uninstall the certificate (by removing it) then installing the intel software then reset the certificate (by re-running the wizard, or manually)

I am concerned that wouldn't work though, as the intel software may freak right out.

What I would be more inclined to do (assuming not using this intel software is not an option) is buy a certificate from http://www.rapidssl.com or http://www.certificatesforexchange.com - it will cost you maybe $30-$40 and seems like it would comply with the intel software.
0
 

Author Comment

by:Tomer73
ID: 21800511
First Thanks for the prompt reply!

The point is that I don't really need a 3rd party certificate for what we actually use on this SBS server. Thus I'd be happy not to mess with that only for the purpose of local system management. I'd be happy to know if the following options are possible:
1. Just disable the SSL for the default web site without having it uninstalled.
2. Backup this certificate so it could be reused at later time if required.

Finally, just to clarify things, from your answer, I understand that there should not be any authentication/trust problems between the server and the client work stations once this certificate is removed for the sake of the Intel "System Management Software". Is it right?

Thanks a lot,
Tomer.
0
 
LVL 25

Accepted Solution

by:
kieran_b earned 375 total points
ID: 21800971
Disabling SSL is not something I would recommend.  If this were within my control, I would either give up on this intel software or buy a certificate.

That said, you *could* get away with just removing the certificate from the default website - I am not sure what it would break preciseley, but it would extend past Outlook Web Access, RWW, CompanyWeb and sharepoint.  The VPN would be fine, daily communications would be fine, just (some) web functions would be affected.

Still, for the sake of <$50...
0
 

Author Comment

by:Tomer73
ID: 21820084
Hi,

I've decided to not install Intel System Management till I'll find a decent solution for the SSL certificate issue. Alternatively, I use an ultra light and simple free utility called "Core Temp" (http://www.alcpu.com/CoreTemp/) that supports Intel's S3210SH motherboard just to monitor the CPU temp.

Thanks for everything,
Tomer.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question