Solved

SBS 2008 Remotewebworkplace w.o. certificate

Posted on 2010-08-20
7
688 Views
Last Modified: 2012-05-10
Hi Experts,

on SBS 2003 it wasnt necessary to import the servers sefsigned certificate into a client computer to use remote webworkplace an connect to a desktop pc. i just clicked away the warning and it worked.

since SBS2008 this isnt possible anymore. i can use owa but cant connect to a desktop pc. i have to install the certificate from \\sbs2008\public\downloads. after that it works.

but what, if the user wants to connect from a machine in an internetcafe and cant install the cert.

thanks in advance
0
Comment
Question by:deibel
7 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 84 total points
ID: 33483782
Quite possibly the name on the certificate doesn't match the name you are requesting from the server which is why Internet Explorer is rejecting it, it has nothing to do with SBS2008 this isn't preventing the access it's the client machine.

You need to make sure the certificate matches the URL you are using to access the server, or simply purchase an SSL Certficiate, for around $90 per year for a SAN/UCC certificate that is required for SBS2008/Exchange2007
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33484553
Just for some clarification -

When you purchase a cert as described by demazter you no longer have to install it everywhere.  You only have to install because its self signed and as demazter describes you are not matching names correctly....

Shorty story, buy a cert!
0
 
LVL 2

Assisted Solution

by:jdewaard
jdewaard earned 83 total points
ID: 33487183
Just to clarify more.  Even if the URL matchs what's on the certificate, your SBS server is still not a Trusted Certificate Authority for random public computers.  As such, you will still get an error and have to install the certificate manually.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 

Assisted Solution

by:FL4TJM
FL4TJM earned 83 total points
ID: 33487742
In 2008 pretty sure no can do...from my experience in installing several 2008 SBS servers over last coule months you MUST issue the cert for install to the client PC to access Remote Web. Actually very nice from a security standpoint but does rule out access from public PC's. The Server even creates a zip folder with the cert and installer to facilitate install by not so tech savvy users. Server generated Cert works fine but the cert name and url MUST match if they were not setup that way in DNS you can always add a local HOSTS file entry on the remote client PC
0
 
LVL 3

Assisted Solution

by:J0shJ0sh
J0shJ0sh earned 167 total points
ID: 33487881
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
 If you follow this article and get it done right it elimates the needs to install the cert on remote machines.
  However you still have to install the active X in IE so public PC option is still not always a given.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
This post describes what you are doing today.  This is not required with a purchased SSL Cert.
0
 
LVL 2

Assisted Solution

by:sbs-mix
sbs-mix earned 83 total points
ID: 33492285
you have to spend some $$$ for a certificate, that's your only way out if you want the user to connect from anywhere.
idea is that the cert has to be issued by a recognized certification authority. some browsers automatically recognize those paid for certificates, so you should take a look at this when picking urs. I bought alphaSSL certs for around 25 $ a year, the cheapest i found on the net, and it's pretty well recognized by half a dozen browsers.
you should watch out to buy a cert with the EXACT name registered in the dns servers. www.contoso.com is NOT identical to contoso.com ! wildcard certs work for *.contoso.com, but they're much more expensive.
0
 
LVL 5

Author Closing Comment

by:deibel
ID: 33834163
.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now