Solved

Website Security Certificates with RWW and RPC over HTTP.

Posted on 2008-11-14
Last Modified: 2013-12-08
Hi experts,

No matter how hard I try or read, there seems to be one area about the Internet or networking that I just can't seem to understand. I really need some step by step help.

I continue to have problems with website security certificates which I think are keeping me from doing certain things. I am having trouble getting Outlook to connect to Exchange Server via RPC over HTTP. I have decided not to do any more troubleshooting until I can rule out the certificate error. Since, when I use RWW from home, I have to click through the certificate error by clicking on "Continue to this website (not recommended)" I am guessing that Outlook can't do that on its own.

So....there are two areas I have questions on. One is on the server and one is on my browser at home. When I ran CEICW for the first time, I allowed SBS to make its own certificate for SSL. I did not purchase one. So far, that has worked, and I have been able to get to Exchange with no issues I believe. Is it better to purchase a certificate from GoDaddy? What would be the advantage? And, does that certificate have anything to do with connecting error free for RWW via 443 or for RPC over HTTP for that matter?

And as to my client computer at home. I continue to click through the warning which brings me to the first page of RWW. But, the certificate error says Mismatched Address. I am able to left click there, choose View Certificate and then install it. It may allow me to access RWW once without the error, but eventually the error comes back. Would purchasing a certificate or using a trial certificate work? And, if I do just use the certificate provided, is installing it to the default location as good as choosing one of the Trusted Folders?

Again, my main goal here is to understand these certificates and set them up so I can RWW without the certificate error.

Thanks.
Question by:Bert2005
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22967345
Correct, SBS allows you to create a "homegrown" self signed certificate. This can be done by running the CEICW. You can also re-run the CEICW at any time if you want to change or add a purchased certificate.

The certificate must match the address to which you are connecting for RWW. Therefore if you are connecting to https://home.DDNSaddress.org/remote the certificate must be for home.DDNSaddress.org, if an actual domain such as https://SNSname.MyDomain.com/remote it needs to be SNSname.MyDomain.com, and finally, you can use the public IP https://66.66.123.123/remote and you make the certificate for 66.66.123.123.

When you use a homegrown certificate, browsers do not recognize the certificate authority, and you get the unknown certificate error. In this case with rpc/http you need to first install the certificate on the connecting PC/laptop, which eliminates the error in future. To do so (IE7) when you get the error click continue, then on the menu bar click on certificate | view certificate | install certificate | next | place certificate in the following store | browse to Trusted Root Certificate Authorities | then just follow through the wizard and accept defaults and save.

If you buy and install a certificate using the CEICW the connecting PC, actually IE, will know the certificate authority and automatically accept it avoiding the error. This is like your bank site where you never have to approve it and see the little padlock on the menu bar indicating a secure site. I feel it is almost compulsory with mobile devices like PDA's, to use a purchased cert as installing the certificate on these, especially non-windows mobile units can be very frustrating. You can buy the certificate from many sources. GoDaddy is the least expensive and http://www.rapidssl.com is a little more but my preference, as they provide excellent installation instructions and support.

The purchased certificate does make life much easier as it is seamless for your end users. Keep in mind it has to match your connecting domain name.
0
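The name-matching rule described in the answer above, as an added example that is not part of the original thread: a simplified check of whether the host in the URL a client types is covered by the names a certificate was issued for. The function names are hypothetical and the wildcard handling (left-most label only) is a simplification of what real TLS clients do.

```python
import ipaddress
from urllib.parse import urlsplit

# Names the certificate was issued for (taken from the thread's example names).
CERT_NAMES = ["server.riverviewpediatrics.org"]


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def name_matches(cert_name, host):
    """True if a single certificate name covers the host the client connected to."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    cert_ip, host_ip = _as_ip(cert_name), _as_ip(host)
    if cert_ip is not None or host_ip is not None:
        # An IP address only matches a certificate issued for that exact IP;
        # it never matches a DNS name, even one that resolves to it.
        return cert_ip is not None and cert_ip == host_ip
    cert_labels = cert_name.split(".")
    host_labels = host.split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # Wildcard stands for exactly one left-most label and needs a
        # registered domain beneath it (so "*.org" is rejected).
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def matching_name(url, cert_names):
    """Return the certificate name covering the URL's host, or None on mismatch."""
    host = urlsplit(url).hostname  # None when the scheme (https://) is missing
    if host is None:
        return None
    for name in cert_names:
        if name_matches(name, host):
            return name
    return None


if __name__ == "__main__":
    for url in (
        "https://server.riverviewpediatrics.org/remote",
        "https://www.riverviewpediatrics.org/remote",
        "https://66.66.123.123/remote",
        "http://server/remote",
    ):
        result = matching_name(url, CERT_NAMES)
        print(url, "->", result if result else "MISMATCH")
```

A mismatch here corresponds to the browser's "Mismatched Address" warning: trusting the issuer does not help if the name typed into the address bar is not one of the certificate's names.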
 
LVL 1

Author Comment

by:Bert2005
ID: 22969383
Hi Rob,

I keep installing the certificate on the connecting PC into the Trusted Root Certificate Authorities. When I try to reconnect in a new browser I get the same unknown certificate error. Every once in a while it will go to the RWW log in page without the error, but the next time it will get the error.

Ultimately, I think I need to install a certificate in CEICW, so I think I will do that now.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22969426
Hi Bert, sorry I didn't read who had made the post.
Installing a certificate certainly eliminates a lot of hassles. However installing the homegrown one locally should work, I have never had a problem with it. It must be put in the "Trusted Root Certificate Authorities" folder, or you will keep getting the notice. You will also keep getting the notice if the connection name does not exactly match the certificate name.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22972386
Rob,

I went to rapidssl.com. It was a bit confusing mainly because it keeps referring to a web server, which I am not running. Maybe it is the same.

I did find this site using Google:

http://technet.microsoft.com/en-us/library/cc949119.aspx

Its step-by-step instructions seem relatively easy to follow. Is that the way I should do it? Also, if I use those instructions, it seems as though I would be without the homegrown certificate while I am waiting for the purchased certificate.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22972435
Yes those instructions are correct. You shouldn't be without a certificate, it just creates the request. However, that is one of the reasons I like rapidssl. They have a "neat" authorization process. If you are familiar with using their service from the time you start the process on the SBS until you complete the installation can take less than 20 minutes. When you submit your request, they do all the approvals and check immediately, and then an automated dialing service calls your telephone number. You put in a security code, it's approved and sent. Network Solutions and others that are $500 to $1000 (I don't know all the differences) are about 3 days.

I have never used GoDaddy, but lots of others have had problems installing. If interested in theirs they have a video explaining the process:
http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php

This is the RapidSSL cert you want to buy:
http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/rapidssl-order.htm
If you click the continue button it automatically adds $10 for phone support. If it is your first time you may want to do so. If not below it in small print is continue without support option.
Their certificate request instructions:
http://www.rapidssl.com/ssl-certificate-support/generate-csr/microsoft_IIS_5.htm
Their installation instructions:
http://www.rapidssl.com/ssl-certificate-support/install-ssl-certificate/exchange-owa.html
Though these instructions are basically correct for SBS, except you also need to run the CEICW, just check for details on the Microsoft site you provided.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22972655
Thanks Rob,

A couple of questions:

1. It seems that the process described in the article I found would go first and then bring me to a point where I look for a certificate and purchase it.
2. The link to the correct certificate on RapidSSL (thanks for that) would allow me to purchase it prior to going through the process on SBS. Is there a better way to do the sequence?

Also, the phone support went up until 8PM. Maybe I should wait until tomorrow when I could take advantage of that.

After purchasing the i-Mate phone, I tried to use ActiveSync to access Exchange to sync with the email. I am not sure, but I think that is necessary to be able to push email to my Smartphone. I was unable to get it to connect due to certificate issues.

And, given Sembee was on a hiatus, I was kind of out of luck. I can never figure out if he is active on here.

Also, since I may install SBS 2008 on my new server, are these certificates transferrable?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22972705
1. Sort of. You create the certificate request, then go to RapidSSL purchase process. They will need the contents of the Certificate request file to process your order.
2. No, you can start the purchase process, but very early on in the process they need the contents of your request file before you can continue.

Seems they don't actually bill you until you do the phone confirmation. You can cancel the process almost all the way through.
If worried they offer $10 insurance to create a replacement cert if you lose the first one somehow. Not a big risk, just back up the file. Main issue is make sure the name is right. If that is wrong they won't issue another free one.

The phone confirmation is 24 hours a day, but the phone support may be limited. I have never had to call them myself.

The main reason I purchase certs is for smart phones. I'll bet I have spent over 20 hours with 10 different phones or PDA's trying to install the homegrown certs. Some you simply copy the cert and click on it, some you have to download hacking tools and run apps from the command line. The purchased cert just works! The problem is the phones are getting smarter and they don't let you install a cert from an unknown source (your SBS), so in many cases you have to do some fancy hacking. The RapidSSL Cert is an Equifax cert which is automatically accepted because the parent/root is already authorized on the phone.

I have no idea about how to use any device starting with 'i' or MAC :-)  I do know there are lots of questions about getting iPhones to work with Exchange. Make sure you have Exchange SP2 installed, or e-mail push to smart devices won't work.

I believe you can transfer your cert, but only if the new 2008 server will be using the exact same name. If you are going to do a migration, that may not be possible. I wouldn't put SBS2008 in production until January myself. The server is solid, but the documentation is incomplete and scarce, and many support people, like me, are not up to speed.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22972748
Exactly. I contacted TrainSignal, and they are planning a course for SBS2008, but it isn't in their resources (as they said). TrainSignal (I think you may have put me onto them) is excellent.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22972769
Did they say when they might have something? I agree their courses are very well put together.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22972810
This was their exact response. They responded in about three minutes!

Thank you for contacting Train Signal, Inc.  Small Business Server 2008 is a course we would like to produce in the future however we have not committed our resources yet to this project.  If and when we do decide to produce an SBS 08 course, more information will appear on our website.  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22972907
Not terribly helpful is it :-)
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22972930
No. For courses that typically run around $150 as I recall, you would think they would at least keep you excited about it. Kind of like Microsoft as in we are thinking somewhere around March 2009. I don't know why they wouldn't put their "resources" into it.

But, you did bring up an interesting point earlier. Not too many people can be "up to speed" yet. And, saying, well we don't have anyone who is good at it yet probably doesn't sound quite as good.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22973027
SBS 2008 looks very simple and in some ways it is, but there are a lot of differences, that are not complicated, but different, and important. I would recommend setting it up in a virtual environment to get used to it.

For the record, it is almost impossible to mess up a clean install. A migration is a different story :-)
If you want to wait for a certificate, 2008 when you install it asks if you have an existing domain name (public), if not do you want to register one, and it walks you through the whole process, including purchase, it then asks if you want to use a home grown certificate or purchase one. If you want to buy one, it walks you through the whole purchase and installation. They are "in bed" with GoDaddy and a couple of others for this part. Lots of new wizards that work very well.

The migration "wizard" is not really a wizard but an assisted guide of sorts.

Seems to me I saw an unanswered question of yours regarding Sharepoint migration??? I haven't looked into that, but I am sure it will be addressed. As I said a lot of the documentation is not complete on some of these things.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22973048
I downloaded the virtual installation from Microsoft. It was very helpful. It does seem as though it has a lot more helpful things. It has a little different way to connect computers, but it probably connects them to the domain in much the same way when all is said and done.

Yes, my Sharepoint question never got answered. I would hope one would be able to move your Sharepoint data to 2008 or moving up to 2008 would be something I would not want to do. I just have too much information on Sharepoint.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22973213
End result of the wizards is similar, but their names, location, and syntax are different. I am not so sure there are a lot of reasons to switch but it does work well if you want a new install or need to upgrade due to the age of hardware. I have had a few customers ask, and if they have no need to upgrade I have suggested for the most part it's not worth the minimum of $3000 to upgrade (O/S CAL's and 64 bit hardware). I do have a couple booked for Jan/Feb migration.

I am sure you will be able to migrate your Sharepoint data, you just may have to wait for documentation. Shouldn't be long, or it may be out and I haven't seen it.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 22973230
If I were staying with the same server, I probably would say, "If it ain't broke, don't fix it." Although, that doesn't seem to have been my MO in the past. I usually find a way to fix whatever is working.

But, with my new Dell PowerEdge 2900 with seven hard drives, I have to install an OS on it. So, I figure 2008 (since I have it) would be the best way to go. I would hate to install 2003, and then have to reinstall when I decided 2008 was the best option down the road. The only thing I need to figure out is if my new server is able to run a 64 bit OS.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22973302
Assuming your new server runs 64 bit (probably) it makes a lot of sense for you especially where you don't have to spend the money on licenses or CAL's.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010018
OK, so back to the original question. I am very close to finishing the certificate process. The problem is I am not exactly sure what to put as the "common name," as this seems to be rather important.

It starts by saying, "Your web site's common name is its fully qualified domain name."

Based on whether my server is on the Internet or Intranet, it gives me two options:

1. If it is on the Internet, it says I should use a valid DNS name

2. If it is on the Intranet, it should be my NetBIOS

So based on the above, I am not sure if I should enter

www.riverviewpediatrics.org
riverviewpediatrics.org
server.riverviewpediatrics.org
server.riverviewpediatrics.local
Riverviewpediat
Riverview

I thought my NetBIOS name was Riverviewpediat
I also thought my FQDN was the same as my computer name on the properties from right clicking on My Computer, i.e. server.RiverviewPediatrics.local

I can say that the server.RiverviewPediatrics.local was not accepted while server.riverviewpediatrics.org was

So, where I am to actually send my CSR information, it states that the CSR you generated is designed to work with the following URL:

https://server.riverviewpediatrics.org

Is that OK, or should I leave out the word "server?"

FYI: Everywhere I look, the NetBIOS name is defined as the first 16 characters of my domain name where the 16th is a byte, i.e. Riverviewpediat    
When installing SBS, I made Riverview the NetBIOS name. It seems to work. Is that a problem?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010145
The name you want to use, is the name you use when connecting to remote web workplace from the Internet, I would assume:   server.riverviewpediatrics.org

NetBIOS names are not usable on the public internet, you must use DNS names (fully qualified DOMAIN names). Also .local is not a public root. Public root domains/suffixes are .com, .ca, .net, .org, .uk, etc.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010171
Thanks. I actually can't get into RWW using server.riverviewpediatrics.org. I have to use:

https://72.45.xxx.xx

I just tried the following:

server.riverviewpediatrics.org
https://server.riverviewpediatrics.org

The first one just takes me to a Road Runner site.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010195
You need to create a DNS record for server.riverviewpediatrics.org. To the best of my knowledge you cannot create a public certificate using the IP. Do you have a static public IP or dynamic IP?
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010206
I have a static IP at the office where the server is. I have a dynamic IP for Roadrunner at home.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 23010257
Good, the static at the office makes life much simpler.
How are you getting your mail if you do not have DNS names registered?

Regardless you need to create a public DNS host record for server.riverviewpediatrics.org (replacing server with your server name) that points to 72.45.xxx.xx. This is done with whomever manages DNS for your public domain. With some registrars you can do it yourself, others you have to ask them to do so, but it is a common request. It would be with the same people that have your mail MX record/s, possibly DOMAINIT.COM or RoadRunner.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010324
My MX records are with Domainit.com. You can also do a MX Lookup for riverviewpediatrics.org which will give you some info, not sure how helpful. As an FYI, I am using Zimbra Emergency Mail in case Exchange goes down, which it did for over a week once, and we lost a lot of email. I know there are free services, but this is easy for now.

On Domainit.com, I did go to Modify Domain Records. Not sure if that is the place for your suggestion. Currently, I have an

AREC
CNAM
CNAM
MX
MX
MX

Maybe under Create a new domain record, I could put

server.riverviewpediatrics.org and then point it to 72.45.161.xx (not sure if I should use the actual IP address or the one I use for RWW. I have six addresses and most of my outside things point to the IP address one above the actual public IP).

Also, just before the area to put in the Record Name and the Recover Value/MX Priority there is a drop down box for the Record Type. There are three options: AREC, CNAME and MX.

0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010328
Obviously, I have record names next to the list of things above, i.e. the AREC, CNAME, etc.

These all start with

mail
ftp
www
riverviewpediatrics
riverviewpediatrics
riverviewpediatrics

respectively

I can give more information on them if you need it.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010343
You showed me your Zimbra Emergency Mail  service a while back. I thought it was great. There are a lot of free services that hold your mail, but none that I know of that allow you to access it.

It is called a host record, you have similar for all your PC's on your LAN in your private DNS.
The host is 'server', the host name you use is the FQDN server.riverviewpediatrics.org
The IP you use is the one that gets you to where you want to go. When you use https://server.riverviewpediatrics.org/remote or http://server.riverviewpediatrics.org/exchange it will resolve to whatever IP to which you make the host record point. Think of it as a phone book for the Internet.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010421
Glad you liked the Zimbra. At least the staff thinks it is easier to access their mail there. They aren't too keen on OWA.

I am almost getting it. So in detail, should I

enter server.riverviewpediatrics.org in the Record Name under AREC? And, then put the 72.45.161.xx in the MX Priority?

Or do they have to do it for me? Also, again, there is AREC, MX and CNAME.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010461
>>"I am almost getting it."
I'm not so sure :-)
>>"So in detail, should I enter server.riverviewpediatrics.org in the Record Name under AREC? And, then put the 72.45.161.xx in the MX Priority?"
It has nothing to do with MX records, they are just for mail.
There is probably a section to manage riverviewpediatrics.org and the existing host records like www.riverviewpediatrics.org and ftp.riverviewpediatrics.org, you just need to add one more: server.riverviewpediatrics.org
Just dawned on me AREC is likely 'A' Record, which is a host name. You don't need an MX record for that as mentioned.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010477
Yeah, I knew the MX records were email. Just get a bit confused some times. It seems like the following would be where to put it? I am guessing put a new CNAME, then the server.riverviewpediatrics.org and then the same IP as the one next to the mail one?

AREC     mail.riverviewpediatrics....    72.45.161.xx
CNAME    ftp.riverviewpediatrics.org     riverviewpediatrics.org
CNAME    www.riverviewpediatrics.org     riverviewpediatrics.org
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010497
No doubt, until you have done a few it is confusing. For that matter it's always confusing. The management consoles are different everywhere.

A CNAME record is an alias that usually points to a different domain. A LAN example would be a CNAME record for companyweb points to server.riverviewpediatrics.local.
You want a host or 'A' record. It often is on the same page as the MX records, but a different section.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010521
So, I would think that AREC = A Record. So,

AREC        server.riverviewpediatrics.org.        72.45.161.xx

So wouldn't this be all I would need to do? And, if so, does it need to take some time to propagate through the universe?

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010573
Bingo. That is it.
Propagation shouldn't be an issue because the universe knows where the records are for riverviewpediatrics.org
Moving them to another registrar is what takes time.

Power went out here last night and is flickering again tonight. I may be off line soon :-(
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010593
Well, one quick question before you go offline.

Given that is set up, what exactly do I put in my browser at home?

https://server.riverviewpediatrics.org
https://server.riverviewpediatrics.org/remote
https://server.riverviewpediatrics.org/exchange

then just http:// with all of those

or just

server.riverviewpediatrics.org   by itself
server.riverviewpediatrics.org/remote
server.riverviewpediatrics.org/exchange

I suppose I could try them all, but then if something is still wrong, I will be there all night.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23010609
And, I am assuming the DNS name is going to take me to the same place as when I type in

https://72.45.161.xx

which would be the RWW page, which of course still has a certificate error since I am still doing all this.

And, sometimes I don't understand why I mask the IP address since anyone can find it in email headers and with MX Lookups, etc.

Plus, supposedly server.riverviewpediatrics.org will take them to the RWW site, although they may not know the name of the server...which...of course

Of course, they still would need the server username and password. But, that is why I stress good passwords for everyone since usernames in businesses tend to be rather easy to figure out, so I suppose your overall network is only as good as your weakest password.

I finally assigned passwords since this one employee would name her password after her cat, her daughter, etc. Once, she used the password: ab123456. I had to add a capital letter and a character now.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23010695
Use
https://server.riverviewpediatrics.org/remote
For RWW
https://server.riverviewpediatrics.org/exchange
To access OWA directly

>>"And, I am assuming the DNS name is going to take me to the same place as when I type in
https://72.45.161.xx"
Yes, sort of. Does that take you anywhere now? It may take you to a default page, but it shouldn't. SBS sometimes sets one permission wrong.
https://72.45.161.xx/remote
and
https://72.45.161.xx/exchange
should work though, and maybe
https://72.45.161.xx
from the LAN (depends on the router)

I too would mask the public IP. "out of sight, out of mind"

Passwords are critical. You can even access a VPN with the right user name and password.
You should enable password security policies. I think it is done automatically if you use the to do list on the SBS server management console. This forces passwords of 7 characters or longer and they must use a mix of upper and lower case, and at least 1 number or symbol. It also configures password lock out policies which are equally important so someone cannot just keep guessing.

However, assuming you have done so, the biggest risks are internal. Heard of a site compromised the other night by giving the cleaning staff $100.

0
 
LVL 1

Author Comment

by:Bert2005
ID: 23013399
I think one of my posts didn't go through. I think we should take a break and have at it again tonight. Unless, of course, you are actually going to go out and have fun. Nah. Computer geeks don't have fun, lol.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23018602
OK, I'm back. Wow, that must make you all excited, lol.

Well, I finally got https://server.riverviewpediatrics.org/remote   and also /exchange  to work!

I'm not sure what I was doing wrong. I did change one small thing that may have made a difference. Well, if it did, get ready to laugh.

I went to Remote Access Wizard (it seems like what I am trying to do has a little to do with remote access -- maybe not?). On server name, it said www.riverviewpediatrics.org which is clearly not my server name. I changed it to server.riverviewpediatrics.org

Of course, there has to be at least one confusing page on the RapidSSL enrollment.

I have chosen the Registered Domain Contact email address. But, then it asks for alternate email addresses to receive the approval email and gives a list which is quite large. I do not have any of the listed email accounts. I could set one up but it would take a while before Zimbra could set up the email account. I suppose I could just set up a POP3 email. Or can I just forward my email to two of them?

OR do I have to choose one at all?
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23018816
OK, so I decided to go ahead and not name any alternative email addresses. So, I got to the payment field and entered all of my credit card information.

But, the price listed is higher than the selection I made.

I had chosen an initial certificate for $89.

I did not choose any reinsurance insurance of GeoSupport.

So, the cost at the end should have been $89.

But, it showed $138.

Where did that come from?
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23018980
Well, I agree RapidSSL seems easier to understand than GoDaddy, but I don't know if I could recommend it to anyone.

I finally got the price issue fixed, then got all the way to the last screen, and the Submit button is greyed out. Tried refreshing the screen and going back, etc. but it didn't fix it.


0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23021116
>>"Nah. Computer geeks don't have fun, lol."
True, but we do go on road trips sometimes. :-)  Took off in a rush to try to beat our first snow storm. Very early this year, and we were wearing T-shirts only 4 days ago.

How did you finally make out? If the submit button is grayed out you have missed a required field somewhere. Hard to say what.
I agree, your first time takes a little while though you seem to be having some odd issues like pricing. For the record, I think renewing is only $45, if you do so next year. For future reference, renewing, on the SBS, is a different procedure. Make sure you read the instructions when time comes.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23023066
I don't think I missed a required field. It usually gives you that error when you do. I emailed them, and I will see what they say.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23023277
OK, it worked on a different PC. For some reason, it didn't work on the server browser. I am sure I could go back and change it, but I would rather get your input on the proper certificate.

I received the certificate from RapidSSL after going through some very fun and many little phone hoop instructions. I copied and pasted it into a text file, then renamed it:

riverviewpediatrics.org.cer as it instructed me to rename it yourdomain.cer. I take it "yourdomain.cer" = riverviewpediatrics.org.cer

After saving it, it changed into a Secure Certificate icon. Very cool. Other than the proper renaming of it, the only question I have is:

When copying and pasting the certificate code into the text file, do I include or not include the

------------BEGIN CERTIFICATE-----------
------------END CERTIFICATE--------------

My initial sense would be to not include them, but I am only confused, because during the CSR, it asked me to include the Begin and End statements.  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23025059
No don't copy those, just the text in-between.
Also I don't know if riverviewpediatrics.org.cer could be a problem. It shouldn't but I would stick to riverviewpediatrics.cer in case virus software or other doesn't like the double extension. It's just a name, it can be anything like MyDog.cer or Cert-Nov-08.cer
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23026088
It just can't be this hard. Or, I simply can't make it this hard. It seems so intuitive at this point.

This is what I have done and where I am:

  1. Using IIS, I made a certificate request.
  2. I then uploaded that by copying and pasting it into RapidSSL's site.
  3. This generated me a certificate, which I paid for.
  4. The actual certificate was sent to me via email.
  5. The "code" or whatever you would call it was pasted into a text file and renamed riverviewpediatrics.cer using only the information between the Begin and End.
  6. I then ran CEICW until I got to the Web Server Certificate page.
  7. Under "Use a Web server certificate from a trusted authority," I browsed to the certificate.
  8. I clicked on next.
Attached is the error message.

Certificate-Error.JPG
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23028657
OK, I think I got it working. I am not completely sure what was wrong with the other certificate.

I chatted with tech support (they won't take phone calls -- maybe something to do with the $10 -- kind of confusing on the initial order page).

It may have been that they did recommend copying the Begin and End. Worked after that.

The RPC over HTTP is still not working, but I at least got the Certificate problem out of the way. Since Outlook cannot click on the phrase that says to bypass that, it's good I fixed that. BUT, I don't think it is appropriate to get into that here as this question became mainly about the certificate for that and not for RPC over HTTP.

The only issue I am having now is how to use the RWW on the Intranet.
0
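The pasted-certificate problem resolved in the post above (the file worked once the Begin and End lines were included), as an added example that is not part of the original thread: a check that classifies the text saved into a .cer file before it is handed to a wizard. The function names are hypothetical, the sample bytes are constructed placeholders rather than a real certificate, and the marker lines follow the standard PEM form of exactly five dashes on each side.

```python
import base64
import binascii
import re
import textwrap

# Standard PEM armor for a certificate: five dashes, label, five dashes.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"\s*-----END CERTIFICATE-----"
)


def _looks_like_der(b64_text):
    """True if the base64 text decodes to bytes starting with a DER SEQUENCE tag."""
    try:
        raw = base64.b64decode("".join(b64_text.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 4 and raw[0] == 0x30


def classify_cert_text(text):
    """Classify pasted certificate text.

    Returns one of:
      'pem'               complete BEGIN/END armor around a plausible body
      'bad-armor'         a marker is present but damaged or unpaired
      'bare-base64'       plausible body pasted without the BEGIN/END lines
      'not-a-certificate' anything else
    """
    match = PEM_RE.search(text)
    if match:
        return "pem" if _looks_like_der(match.group("body")) else "not-a-certificate"
    if "BEGIN CERTIFICATE" in text or "END CERTIFICATE" in text:
        return "bad-armor"
    return "bare-base64" if _looks_like_der(text) else "not-a-certificate"


def make_sample_pem():
    """Build a constructed PEM-shaped sample (placeholder bytes, not a real cert)."""
    fake_der = bytes([0x30, 0x82, 0x00, 0x20]) + bytes(range(32))
    body = "\n".join(textwrap.wrap(base64.b64encode(fake_der).decode("ascii"), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    pem = make_sample_pem()
    body_only = "\n".join(pem.strip().splitlines()[1:-1])
    missing_end = "\n".join(pem.strip().splitlines()[:-1])
    for label, text in (
        ("full paste", pem),
        ("body only", body_only),
        ("END line lost", missing_end),
    ):
        print(label, "->", classify_cert_text(text))
```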
 
LVL 1

Author Comment

by:Bert2005
ID: 23032074
Rob,

Everything seems OK.

The only weird thing is I used to be able to connect on my RWW link from within the Intranet (can't recall the URL). It won't work now from inside after installing the certificate.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23032124
I think I figured it out. I don't know how, but I did. That is sometimes the best way. :--)
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23033915
Sorry to disappear on you Bert. Numerous power and internet outages here the last 3 days.
Sounds like you have it working, great!
Internally, access using http://SBSname/remote. You don't need httpS or the FQDN.

Thanks Bert.
Cheers !
--Rob
0
 
LVL 1

Author Comment

by:Bert2005
ID: 23039196
Thank you for the help.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 23042623
Very welcome, any time......assuming I have Internet. Lost it again yesterday Grrrr.....
--Rob
0
