Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to setup self signed ssl certificate on sbs 2008

Posted on 2010-11-16
17
Medium Priority
?
565 Views
Last Modified: 2012-05-10
I haven't setup a RWW before.  But since it's over https, there needs to be a server certificate huh?  The people I'm helping with them server aren't going to buy a certificate.  So how can I create/setup/install/deploy or whatever its called on the server and then how do I install the certificates on the client when they try to connect to https://www.company.com/remote or https://www.company.com/owa?

thanks!
0
Comment
Question by:Malamamoto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 3
17 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 34144519
On SBS 2008 just run the "Configure your internet address" wizard and it will automatically create the certificate. Then to distribute it to your client machines see the following link:
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
It is automatically added to domain joined machines.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144534
If interested a purchased certificate makes life easier in that you do not have to install it on remote computers. The real advantage is you don't have to install it on smart devices like phones. The certificate runs about $30
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
If you do not have a static public IP you can still set it up using a DDNS service:
http://www.lan-2-wan.com/DDNS1.htm
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 1000 total points
ID: 34144535
Yes, it's as simple as RobWill tells you.
BTW: The package for distribution to clients who are not joined to your domain and (Windows) smartphones is in the following path on your server:
\\<servername>\public\Downloads\
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Malamamoto
ID: 34144565
Oh, that all sounds simple enough.  :)  I already ran the wizard with the external domain name.  :)

Also, how do I install the certificate to a mobile device like an iphone?
0
 

Author Comment

by:Malamamoto
ID: 34144595
Also, I updated the domain name for the certificate via the wizard. But the file modify date for the "certification installation package" didn't change.  Is there something that I need to do to update the installation package with the new certificate that was created via the wizard?

thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144603
The file is a zip file. Unzip it copy it to your phone and click on it to install.
Sounds simple eh :-)  That part is why you want a purchased certificate. It works fine on 50% of phones but others have custom methods for installing and still others have blocks so you can't install an unknown certificate and you have to 'hack' the phone to install.
The purchased certificate is from an authority known to the phone so it is automatically accepted and does not have to be installed.
0
 

Author Comment

by:Malamamoto
ID: 34144608
is the iphone one of the phones that won't work?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144609
I am not sure if the wizard updates the certificate. I would copy the existing one to another folder, delete it from the default folder, and re-run the wizard. It should then create a new one.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144618
Haven't tried the iPhone with the self signed certificate. Based on experience and my knowledge of the iPhone, which is limited, I would say it would work fine on the iPhone.

>$30 a year for the certificate is money well spent. It makes life so easy.
0
 

Author Comment

by:Malamamoto
ID: 34144627
Nope it didn't update the install files. :(
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 1000 total points
ID: 34144632
iPhone will work as one of the best devices with Exchange Activesync!
If you setup the Exchange account manual on your iPhone (it is going to search for Exchange autodiscover, which takes some time), it asks you to definitively accept the certificate. If you do that, it works like a charm.

Furthermore you better install the latest Exchange 2007 Rollup (10, I guess), for proper autodiscover configuration without errors
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 34144650
Maybe just leave the original files there. According to the following link; " Each time you run the IAMW, this certificate package is updated."
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

You can test by connecting externally to the RWW page and click on the certificate icon (pad lock) and choose view certificate.
0
 

Author Comment

by:Malamamoto
ID: 34144670
Yup, it updated the certfication.  I installed the certificate and it worked nicely.

I'm not familiar with iPhones either.  but I'm glad to hear it works nicely with exchange activesync.  What about Andrids?  :)

Also, I was having problems with exchange, so I installed SP 3 just now.  Do I need to install the Rollup in addtion to SP3?

Thanks so much for both of your help.  You hit on all the information I needed!  I consider this questions closed....but I'd like to hear (as well as others too) the answers to those last questions.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144727
Androids should work fine too. It is more thinks like Palm devices, and less known phone O/S's that are problems.

The other issue is you or another user switches remote computers and forgets to first get the self-signed cert and then cannot set up the new PC.
SP3 should cover most if not all of the rollups. There should be a list on the page from which you downloaded. There are SBS patches and rollups as well. WSUS in the SBS console will eventually pick these up.
0
 

Author Closing Comment

by:Malamamoto
ID: 34144752
Thanks for your help.  All the info you gave was exactly what I needed....and more!
0
 
LVL 1

Expert Comment

by:smbict
ID: 34144756
No need for Rollup 10 if you install SP3.
In addition to RobWill: WSUS picks up updates, but some of them do you have to manually acknowledge via WSUS in the SBS-console if you use the standard-SBS-settings.
The Exchange rollup I mentioned is one of them (optional update).

Glad to hear you are helped with this.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144779
Thanks Malamamoto.
Cheers!
--Rob
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question