Solved

how to setup self signed ssl certificate on sbs 2008

Posted on 2010-11-16
17
541 Views
Last Modified: 2012-05-10
I haven't setup a RWW before.  But since it's over https, there needs to be a server certificate huh?  The people I'm helping with them server aren't going to buy a certificate.  So how can I create/setup/install/deploy or whatever its called on the server and then how do I install the certificates on the client when they try to connect to https://www.company.com/remote or https://www.company.com/owa?

thanks!
0
Comment
Question by:Malamamoto
  • 8
  • 6
  • 3
17 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
Comment Utility
On SBS 2008 just run the "Configure your internet address" wizard and it will automatically create the certificate. Then to distribute it to your client machines see the following link:
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
It is automatically added to domain joined machines.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
If interested a purchased certificate makes life easier in that you do not have to install it on remote computers. The real advantage is you don't have to install it on smart devices like phones. The certificate runs about $30
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
If you do not have a static public IP you can still set it up using a DDNS service:
http://www.lan-2-wan.com/DDNS1.htm
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
Comment Utility
Yes, it's as simple as RobWill tells you.
BTW: The package for distribution to clients who are not joined to your domain and (Windows) smartphones is in the following path on your server:
\\<servername>\public\Downloads\
0
 

Author Comment

by:Malamamoto
Comment Utility
Oh, that all sounds simple enough.  :)  I already ran the wizard with the external domain name.  :)

Also, how do I install the certificate to a mobile device like an iphone?
0
 

Author Comment

by:Malamamoto
Comment Utility
Also, I updated the domain name for the certificate via the wizard. But the file modify date for the "certification installation package" didn't change.  Is there something that I need to do to update the installation package with the new certificate that was created via the wizard?

thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
The file is a zip file. Unzip it copy it to your phone and click on it to install.
Sounds simple eh :-)  That part is why you want a purchased certificate. It works fine on 50% of phones but others have custom methods for installing and still others have blocks so you can't install an unknown certificate and you have to 'hack' the phone to install.
The purchased certificate is from an authority known to the phone so it is automatically accepted and does not have to be installed.
0
 

Author Comment

by:Malamamoto
Comment Utility
is the iphone one of the phones that won't work?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
I am not sure if the wizard updates the certificate. I would copy the existing one to another folder, delete it from the default folder, and re-run the wizard. It should then create a new one.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Haven't tried the iPhone with the self signed certificate. Based on experience and my knowledge of the iPhone, which is limited, I would say it would work fine on the iPhone.

>$30 a year for the certificate is money well spent. It makes life so easy.
0
 

Author Comment

by:Malamamoto
Comment Utility
Nope it didn't update the install files. :(
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
Comment Utility
iPhone will work as one of the best devices with Exchange Activesync!
If you setup the Exchange account manual on your iPhone (it is going to search for Exchange autodiscover, which takes some time), it asks you to definitively accept the certificate. If you do that, it works like a charm.

Furthermore you better install the latest Exchange 2007 Rollup (10, I guess), for proper autodiscover configuration without errors
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
Comment Utility
Maybe just leave the original files there. According to the following link; " Each time you run the IAMW, this certificate package is updated."
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

You can test by connecting externally to the RWW page and click on the certificate icon (pad lock) and choose view certificate.
0
 

Author Comment

by:Malamamoto
Comment Utility
Yup, it updated the certfication.  I installed the certificate and it worked nicely.

I'm not familiar with iPhones either.  but I'm glad to hear it works nicely with exchange activesync.  What about Andrids?  :)

Also, I was having problems with exchange, so I installed SP 3 just now.  Do I need to install the Rollup in addtion to SP3?

Thanks so much for both of your help.  You hit on all the information I needed!  I consider this questions closed....but I'd like to hear (as well as others too) the answers to those last questions.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Androids should work fine too. It is more thinks like Palm devices, and less known phone O/S's that are problems.

The other issue is you or another user switches remote computers and forgets to first get the self-signed cert and then cannot set up the new PC.
SP3 should cover most if not all of the rollups. There should be a list on the page from which you downloaded. There are SBS patches and rollups as well. WSUS in the SBS console will eventually pick these up.
0
 

Author Closing Comment

by:Malamamoto
Comment Utility
Thanks for your help.  All the info you gave was exactly what I needed....and more!
0
 
LVL 1

Expert Comment

by:smbict
Comment Utility
No need for Rollup 10 if you install SP3.
In addition to RobWill: WSUS picks up updates, but some of them do you have to manually acknowledge via WSUS in the SBS-console if you use the standard-SBS-settings.
The Exchange rollup I mentioned is one of them (optional update).

Glad to hear you are helped with this.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks Malamamoto.
Cheers!
--Rob
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now