Solved

how to setup self signed ssl certificate on sbs 2008

Posted on 2010-11-16
Last Modified: 2012-05-10
I haven't set up a RWW before.  But since it's over https, there needs to be a server certificate huh?  The people I'm helping with their server aren't going to buy a certificate.  So how can I create/setup/install/deploy or whatever it's called on the server and then how do I install the certificates on the client when they try to connect to https://www.company.com/remote or https://www.company.com/owa?

thanks!
Question by:Malamamoto
17 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 34144519
On SBS 2008 just run the "Configure your internet address" wizard and it will automatically create the certificate. Then to distribute it to your client machines see the following link:
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
It is automatically added to domain joined machines.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144534
If interested, a purchased certificate makes life easier in that you do not have to install it on remote computers. The real advantage is you don't have to install it on smart devices like phones. The certificate runs about $30.
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
If you do not have a static public IP you can still set it up using a DDNS service:
http://www.lan-2-wan.com/DDNS1.htm
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
ID: 34144535
Yes, it's as simple as RobWill tells you.
BTW: The package for distribution to clients who are not joined to your domain and (Windows) smartphones is in the following path on your server:
\\<servername>\public\Downloads\
0

 

Author Comment

by:Malamamoto
ID: 34144565
Oh, that all sounds simple enough.  :)  I already ran the wizard with the external domain name.  :)

Also, how do I install the certificate to a mobile device like an iPhone?
0
 

Author Comment

by:Malamamoto
ID: 34144595
Also, I updated the domain name for the certificate via the wizard. But the file modify date for the "certification installation package" didn't change.  Is there something that I need to do to update the installation package with the new certificate that was created via the wizard?

thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144603
The file is a zip file. Unzip it, copy it to your phone, and click on it to install.
Sounds simple eh :-)  That part is why you want a purchased certificate. It works fine on 50% of phones but others have custom methods for installing and still others have blocks so you can't install an unknown certificate and you have to 'hack' the phone to install.
The purchased certificate is from an authority known to the phone so it is automatically accepted and does not have to be installed.
0
 

Author Comment

by:Malamamoto
ID: 34144608
Is the iPhone one of the phones that won't work?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144609
I am not sure if the wizard updates the certificate. I would copy the existing one to another folder, delete it from the default folder, and re-run the wizard. It should then create a new one.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144618
Haven't tried the iPhone with the self signed certificate. Based on experience and my knowledge of the iPhone, which is limited, I would say it would work fine on the iPhone.

>$30 a year for the certificate is money well spent. It makes life so easy.
0
 

Author Comment

by:Malamamoto
ID: 34144627
Nope it didn't update the install files. :(
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
ID: 34144632
iPhone will work as one of the best devices with Exchange Activesync!
If you set up the Exchange account manually on your iPhone (it is going to search for Exchange autodiscover, which takes some time), it asks you to definitively accept the certificate. If you do that, it works like a charm.

Furthermore, you better install the latest Exchange 2007 Rollup (10, I guess), for proper autodiscover configuration without errors.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 34144650
Maybe just leave the original files there. According to the following link: "Each time you run the IAMW, this certificate package is updated."
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

You can test by connecting externally to the RWW page and click on the certificate icon (padlock) and choose view certificate.
0
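The check suggested in the answer above, scripted as an added example that is not part of the original thread: it reads the certificate the server presents and reports whether the certificate from the distribution package is that certificate or one in its chain, since the thread does not say which one the package holds. The host name, the path to the extracted `.cer` file, and the function names are placeholders chosen for illustration.

```powershell
# Added example. Placeholders: the external host name and the path to the
# .cer file extracted from the package in \\<servername>\public\Downloads\.
$HostName   = 'www.company.com'
$PackageCer = 'C:\Temp\<extracted-certificate>.cer'

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate, only so that an untrusted one can be read
        # for inspection; no application data is sent over this connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $cert, $chain, $sslErrors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-PackageCertificate {
    param([string]$HostName, [string]$CerPath)
    $served  = Get-ServedCertificate -HostName $HostName
    $package = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)

    # Build the served certificate's chain with the package certificate
    # offered as a candidate, without consulting revocation servers.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $null = $chain.ChainPolicy.ExtraStore.Add($package)
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $null = $chain.Build($served)
    $inChain = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })

    $dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    New-Object PSObject -Property @{
        ServedSubject  = $served.Subject
        ServedIssuer   = $served.Issuer
        ServedDnsName  = $served.GetNameInfo($dnsName, $false)
        ServedNotAfter = $served.NotAfter
        PackageSubject = $package.Subject
        PackageMatches = ($inChain -contains $package.Thumbprint)
    }
}

Test-PackageCertificate -HostName $HostName -CerPath $PackageCer | Format-List
```

If `PackageMatches` is false, or `ServedDnsName` is not the external name users type, the package on the share does not correspond to the certificate clients are being shown.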
 

Author Comment

by:Malamamoto
ID: 34144670
Yup, it updated the certification.  I installed the certificate and it worked nicely.

I'm not familiar with iPhones either.  But I'm glad to hear it works nicely with Exchange ActiveSync.  What about Androids?  :)

Also, I was having problems with Exchange, so I installed SP 3 just now.  Do I need to install the Rollup in addition to SP3?

Thanks so much for both of your help.  You hit on all the information I needed!  I consider this question closed....but I'd like to hear (as well as others too) the answers to those last questions.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144727
Androids should work fine too. It is more things like Palm devices, and less known phone O/S's that are problems.

The other issue is you or another user switches remote computers and forgets to first get the self-signed cert and then cannot set up the new PC.
SP3 should cover most if not all of the rollups. There should be a list on the page from which you downloaded. There are SBS patches and rollups as well. WSUS in the SBS console will eventually pick these up.
0
 

Author Closing Comment

by:Malamamoto
ID: 34144752
Thanks for your help.  All the info you gave was exactly what I needed....and more!
0
 
LVL 1

Expert Comment

by:smbict
ID: 34144756
No need for Rollup 10 if you install SP3.
In addition to RobWill: WSUS picks up updates, but some of them you have to manually acknowledge via WSUS in the SBS-console if you use the standard-SBS-settings.
The Exchange rollup I mentioned is one of them (optional update).

Glad to hear you are helped with this.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144779
Thanks Malamamoto.
Cheers!
--Rob
0

Question has a verified solution.
