Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

SBS 2008 Remotewebworkplace w.o. certificate

Hi Experts,

on SBS 2003 it wasnt necessary to import the servers sefsigned certificate into a client computer to use remote webworkplace an connect to a desktop pc. i just clicked away the warning and it worked.

since SBS2008 this isnt possible anymore. i can use owa but cant connect to a desktop pc. i have to install the certificate from \\sbs2008\public\downloads. after that it works.

but what, if the user wants to connect from a machine in an internetcafe and cant install the cert.

thanks in advance
0
deibel
Asked:
deibel
6 Solutions
 
Glen KnightCommented:
Quite possibly the name on the certificate doesn't match the name you are requesting from the server which is why Internet Explorer is rejecting it, it has nothing to do with SBS2008 this isn't preventing the access it's the client machine.

You need to make sure the certificate matches the URL you are using to access the server, or simply purchase an SSL Certficiate, for around $90 per year for a SAN/UCC certificate that is required for SBS2008/Exchange2007
0
 
J0shJ0shCommented:
Just for some clarification -

When you purchase a cert as described by demazter you no longer have to install it everywhere.  You only have to install because its self signed and as demazter describes you are not matching names correctly....

Shorty story, buy a cert!
0
 
jdewaardCommented:
Just to clarify more.  Even if the URL matchs what's on the certificate, your SBS server is still not a Trusted Certificate Authority for random public computers.  As such, you will still get an error and have to install the certificate manually.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
FL4TJMCommented:
In 2008 pretty sure no can do...from my experience in installing several 2008 SBS servers over last coule months you MUST issue the cert for install to the client PC to access Remote Web. Actually very nice from a security standpoint but does rule out access from public PC's. The Server even creates a zip folder with the cert and installer to facilitate install by not so tech savvy users. Server generated Cert works fine but the cert name and url MUST match if they were not setup that way in DNS you can always add a local HOSTS file entry on the remote client PC
0
 
J0shJ0shCommented:
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
 If you follow this article and get it done right it elimates the needs to install the cert on remote machines.
  However you still have to install the active X in IE so public PC option is still not always a given.

http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
This post describes what you are doing today.  This is not required with a purchased SSL Cert.
0
 
sbs-mixCommented:
you have to spend some $$$ for a certificate, that's your only way out if you want the user to connect from anywhere.
idea is that the cert has to be issued by a recognized certification authority. some browsers automatically recognize those paid for certificates, so you should take a look at this when picking urs. I bought alphaSSL certs for around 25 $ a year, the cheapest i found on the net, and it's pretty well recognized by half a dozen browsers.
you should watch out to buy a cert with the EXACT name registered in the dns servers. www.contoso.com is NOT identical to contoso.com ! wildcard certs work for *.contoso.com, but they're much more expensive.
0
 
deibelAuthor Commented:
.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now