Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 915
  • Last Modified:

Why is the sbs 2008 certificate not trusted?

Hi, I recently built a new sbs 2008 and am having trouble with the certificate for remote web workplace. How do I go about reinstalling the certificates to stop getting this error when I goto the address - There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
 
Thanks in advance.
Chris
0
choy77
Asked:
choy77
  • 6
  • 6
  • 2
1 Solution
 
trident25Commented:
This is because the Certificate has been signed by a certificate authority that is not trusted by your computer. If you are connecting with a computer that is a member of your SBS domain it will automatically trust your certificate authority but any other computers wont.

You have a couple of options;

To get other computers to trust your certificate you can install the root certificate of your domain onto their computer. To do this you need to first save your root domain certificate, this is on your SBS server at \\<server name>\Public\Downloads\Certificate Distribution Package\ in that share you will find two files. The Install Certificate.exe and SBSCertificate.cer.

Take BOTH of these files and run the EXE on the computer you want to trust your SBS domain. Make sure the cer and exe files are in the same directory when you run the exe otherwise it wont work.

The other option is to get a certificate from a commercial certificate provider; these are certificate that you have to pay for but are already trusted by windows machines. See http://www.google.com/search?hl=en&safe=off&rls=com.microsoft%3Aen-gb%3AIE-SearchBox&q=ssl+certificates&aq=f&oq=&aqi=

Hope that helps.
0
 
Rob WilliamsCommented:
To ad to trident25's comments. With SBS2008 you do not need to export the certificate. SBS creates a client certificate install package for you, on the SBS, in C:\Users\Public\Public Downloads\Install Certificate Package.zip  which you can give to end users to install on their PC's.

The better option though is to buy a trusted certificate as this is needed by remote clients and wireless devices like smart phones and saves you a lot of time. They can be purchased as cheaply as <$40 from www.godaddy.com
0
 
choy77Author Commented:
Hi thanks for your comments.  I have tried both the above but the certs are mismatched.

Is there any way of putting new certs in the public folder? reinstall it so to speak?

Thanks again
Chris
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Rob WilliamsCommented:
You can do so by re-running the "set up ypur Internet address" wizard located under the SBS console / netwok / connectivity.
0
 
choy77Author Commented:
tried that didnt work anything else I can try?

cheers
0
 
Rob WilliamsCommented:
Odd.
You can try manually removing the install package (I wouldn't delete just move for now), and running the "remove trusted certificate" wizard before the "set up your internet address" wizard.
0
 
Rob WilliamsCommented:
You could also try the "fix my network" wizard. It is amazing all of the checks and repairs it does, though i am not sure if it affects the certificate.
0
 
trident25Commented:
Have you got the error that is being generated for the certificates? It could be that you are accessing it via a FQDN that is not the same as the FQDN on the certificate?
0
 
choy77Author Commented:
hi,
I still get this error even when I reinstall the certificates I have cleared them ran the fix my network and still happens!! all ports are open for it to work just doesnt hae any if it.

Could it be that the actual FQDN hasnt been registered and I am getting to it via the IP address so it wont recognise it properly or does this not matter?

If I type in the FQDN it doesnt work because the person in tech support for their company hasnt got round to it.  Is it because of this FQDN not being registered? will it not work with just the IP address if the IP had been originally registered with a faulty certificate for example?

would this work with the IP if I buy an actual cert online still?

Thanks
Chris


0
 
Rob WilliamsCommented:
If you are connecting by IP then the certificate doesn't match. The certificate verifies the site to which you are connecting is actually 'who it says it is'. I.e. it protects you from connecting to a spoofed site.
With SBS 2003 you could create the certificate using the IP instead of a FQDN, but I don't believe it will work with 2008 as the wizards work differently.

>>"would this work with the IP if I buy an actual cert on-line still?
"
No.  You need to get your external DNS records in order.

0
 
choy77Author Commented:
Robwill:

Thanks for the verification that is what I kinda thought would be the case.

At least I can pass this on to the tech dept to get the records in order as I can't do anything with it.

Thanks again for the swift response.

Regards

Chris
0
 
Rob WilliamsCommented:
Good luck with it. Let us know how you make out.
--Rob
0
 
choy77Author Commented:
Thanks,

Chris
0
 
choy77Author Commented:
A record weren't correct thanks!!
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 6
  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now