Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS 2008 Remotewebworkplace w.o. certificate

Posted on 2010-08-20
7
Medium Priority
?
701 Views
Last Modified: 2012-05-10
Hi Experts,

on SBS 2003 it wasnt necessary to import the servers sefsigned certificate into a client computer to use remote webworkplace an connect to a desktop pc. i just clicked away the warning and it worked.

since SBS2008 this isnt possible anymore. i can use owa but cant connect to a desktop pc. i have to install the certificate from \\sbs2008\public\downloads. after that it works.

but what, if the user wants to connect from a machine in an internetcafe and cant install the cert.

thanks in advance
0
Comment
Question by:deibel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 336 total points
ID: 33483782
Quite possibly the name on the certificate doesn't match the name you are requesting from the server which is why Internet Explorer is rejecting it, it has nothing to do with SBS2008 this isn't preventing the access it's the client machine.

You need to make sure the certificate matches the URL you are using to access the server, or simply purchase an SSL Certficiate, for around $90 per year for a SAN/UCC certificate that is required for SBS2008/Exchange2007
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 668 total points
ID: 33484553
Just for some clarification -

When you purchase a cert as described by demazter you no longer have to install it everywhere.  You only have to install because its self signed and as demazter describes you are not matching names correctly....

Shorty story, buy a cert!
0
 
LVL 2

Assisted Solution

by:jdewaard
jdewaard earned 332 total points
ID: 33487183
Just to clarify more.  Even if the URL matchs what's on the certificate, your SBS server is still not a Trusted Certificate Authority for random public computers.  As such, you will still get an error and have to install the certificate manually.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Assisted Solution

by:FL4TJM
FL4TJM earned 332 total points
ID: 33487742
In 2008 pretty sure no can do...from my experience in installing several 2008 SBS servers over last coule months you MUST issue the cert for install to the client PC to access Remote Web. Actually very nice from a security standpoint but does rule out access from public PC's. The Server even creates a zip folder with the cert and installer to facilitate install by not so tech savvy users. Server generated Cert works fine but the cert name and url MUST match if they were not setup that way in DNS you can always add a local HOSTS file entry on the remote client PC
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 668 total points
ID: 33487881
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
 If you follow this article and get it done right it elimates the needs to install the cert on remote machines.
  However you still have to install the active X in IE so public PC option is still not always a given.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
This post describes what you are doing today.  This is not required with a purchased SSL Cert.
0
 
LVL 2

Assisted Solution

by:sbs-mix
sbs-mix earned 332 total points
ID: 33492285
you have to spend some $$$ for a certificate, that's your only way out if you want the user to connect from anywhere.
idea is that the cert has to be issued by a recognized certification authority. some browsers automatically recognize those paid for certificates, so you should take a look at this when picking urs. I bought alphaSSL certs for around 25 $ a year, the cheapest i found on the net, and it's pretty well recognized by half a dozen browsers.
you should watch out to buy a cert with the EXACT name registered in the dns servers. www.contoso.com is NOT identical to contoso.com ! wildcard certs work for *.contoso.com, but they're much more expensive.
0
 
LVL 5

Author Closing Comment

by:deibel
ID: 33834163
.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Know what services you can and cannot, should and should not combine on your server.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question