Unable to import SSL certificate in SBS 2008

I needed to install an SSL certificate in a new SBS 2008 server. I used the SBS 2008 wizard and created a certificate request. I then tried to buy a UCC certificate from GoDaddy and they said the certificate request info was not a high enough bit request (needed 2048 and SBS wizard requests 1024). I found instructions on the Internet to bypass the wizard and do the same thing by using IIS manager to request the certificate and then install it.
I was able to successfully do this with GoDaddy including the intermediate certificate. No problems. I have a 5 domain UCC certificate and the IIS7 wizard had no problems.
I then tried to import this using the SBS 2008 wizard using the "certificate already installed" option and the wizard only sees to self-signed certificates.
OWA and RWW do not show a valid 3rd party certificate installed.

I need to get this certificate working properly with Outlook Anywhere, Remote Web Workplace, Outlook Web Access, etc.
Thank you.
summit_pcguy Asked:

Syed Mutahir Ali (Technology Consultant) Commented:
http://blogs.technet.com/sbs/archive/2009/12/14/how-to-manually-install-certificates-in-sbs-2008.aspx

The above link will explain how to import this.

Make sure your certificate is installed in your server's / computer's Personal certificate store.

-------------
Follow the above link first.
You can also do a Get-ExchangeCertificate at an elevated Exchange Management Shell prompt, note / copy the thumbprint of your UCC certificate, and enable the services by:

Enable-ExchangeCertificate -Thumbprint <THUMBPRINT> -Services "POP, IMAP, IIS, SMTP"
Where <THUMBPRINT> is the actual thumbprint. When prompted to overwrite the existing services, answer A for all.

Mestha Commented:
You can't use IIS for Unified Communication SSL certificates with Exchange 2007. You have to either use the wizard, or Exchange Management Shell.

My blog article on this subject will guide you through the entire process.
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

When it comes to the certificate installation, take careful note of what GoDaddy say about the intermediate and root certificates, particularly with disabling some certificates.

Simon.

summit_pcguy (Author) Commented:
Awesome mutahir! That fixed my OWA/rww problem and probably Exchange (unable to test at the moment).
I am still having problems with RDP. When I log in with a Windows 7 client to the server I still get the message about a non-trusted cert and when I view the cert it is a self-signed cert.
 
Syed Mutahir Ali (Technology Consultant) Commented:
You can ignore that, and select Yes to accept that certificate.

That will not affect your OWA/RWW or any services as such.

Syed Mutahir Ali (Technology Consultant) Commented:
The RDP cert is basically located in:

Start > Run > MMC

File > Add/Remove Snap-in

Certificates snap-in > Local Computer > browse to Remote Desktop

It is that certificate, and it has no effect on RWW, OWA, Exchange, SharePoint.



Paranormastic (Cryptographic Engineer) Commented:
Sounds like RDP is using a cached certificate. Best bet is to reboot the server, but you can try bouncing the Terminal Services service first if you like. You may also need to clear out the self-signed cert - many MS programs like to use the first cert they find that has the correct attributes, and that might be it. The place it looks is in Certificates MMC (computer account) - Personal - Certificates. If you're worried about getting rid of it, you can always export the cert along with the private key and if necessary you can import it again later from the resultant .pfx file.

Syed Mutahir Ali (Technology Consultant) Commented:
You can delete the RDP certificate in the location I mentioned in post id: 26154023.
It will re-generate itself, it is not a problem. It's just that whenever you RDP to your server for the first time you will be prompted; you just press "d" and "y", so it won't ask again and will accept it and save it.

skynetop Commented:
Simon,

I am also having issues with SBS 2008.  I however was able to complete my cert request and install a Go Daddy cert with no issues.  We ran into issues with Exchange after a Microsoft patch was installed.  I had to remove and re-install the Web Services Role and also then re-populate all of the Exchange Virtual Directories and Exchange Client Access Role.

At this point in time the server will not accept any new certs.  I have tried  manually putting in the certs into IIS with luck.  I manually setup the cert per these instructions:

http://help.godaddy.com/topic/742/article/4801

My issue now is the correct cert is installed and bound to the SBS Web Applications Site.

However if you log in to our RWW page, it's defaulting to the self-signed cert. I am not sure why this is; I restarted IIS but it stays the same. If I run the SBS Wizard it errors out stating that the cert does not match the site name, even if the original cert is rekeyed at GoDaddy. Is there a way to reinstall the CA on the server?

Regards,

Mark

Syed Mutahir Ali (Technology Consultant) Commented:
You can also do a Get-ExchangeCertificate at an elevated Exchange Management Shell prompt, note / copy the thumbprint of your UCC certificate, and enable the services by:

Enable-ExchangeCertificate -Thumbprint <THUMBPRINT> -Services "POP, IMAP, IIS, SMTP"
Where <THUMBPRINT> is the actual thumbprint. When prompted to overwrite the existing services, answer A for all.

Syed Mutahir Ali (Technology Consultant) Commented:
Check with Get-ExchangeCertificate <thumbprint> | fl

The above command will list which services are bound to the certificate. If they are not, you can then bind the services onto it with the command in my post above this one.
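
A read-only check related to the posts above, added here as an example (it is not code from any poster in this thread or from Microsoft): it lists every certificate in the Local Computer Personal store with its key size, a self-signed flag and the Windows chain-validation result, then reports which certificate actually answers on HTTPS port 443. Assumptions: PowerShell 2.0 or later, RSA keys, and the script is run on the server itself (`localhost`); the function and variable names are illustrative.

```powershell
# Added example. Assumptions: PowerShell 2.0+, RSA keys, run on the server itself.
$HostName = 'localhost'   # assumption: change to the public name to test from a client
$Port     = 443           # HTTPS only; RDP and SMTP do not begin with a TLS handshake

function Get-StoreCertReport {
    # One row per certificate in Certificates (Local Computer) > Personal.
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert  = $_
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $ok    = $chain.Build($cert)   # $false when Windows cannot validate the chain
        $why   = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)   # heuristic only
            KeyBits       = $cert.PublicKey.Key.KeySize
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            ChainOk       = $ok
            ChainStatus   = $why
        }
    }
}

function Get-ServedCertificate([string]$Name, [int]$TcpPort) {
    # Accept whatever is presented: the goal is to read the certificate, not trust it.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $client = New-Object System.Net.Sockets.TcpClient($Name, $TcpPort)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Name)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

$report = @(Get-StoreCertReport)
$report | Sort-Object NotAfter |
    Format-Table Thumbprint, SelfSigned, KeyBits, HasPrivateKey, ChainOk, ChainStatus, Subject -AutoSize

$served = Get-ServedCertificate $HostName $Port
$match  = $report | Where-Object { $_.Thumbprint -eq $served.Thumbprint }
if ($match) {
    "Site serves $($served.Thumbprint): SelfSigned=$($match.SelfSigned) KeyBits=$($match.KeyBits) ChainOk=$($match.ChainOk)"
} else {
    "Site serves $($served.Thumbprint), which is not in the Local Computer Personal store"
}
```

Run it from an elevated PowerShell prompt; it only reads the store and opens one TLS connection.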

skynetop Commented:
Everything looks like the GoDaddy cert, but I see maybe one issue:
under status it states invalid.

Why would it be invalid? It was re-keyed and everything should be OK.

I'll get a screenshot tomorrow for you to see.

summit_pcguy (Author) Commented:
Everything works fine now.
Question has a verified solution.