Solved

how to setup self signed ssl certificate on sbs 2008

Posted on 2010-11-16
17
552 Views
Last Modified: 2012-05-10
I haven't setup a RWW before.  But since it's over https, there needs to be a server certificate huh?  The people I'm helping with them server aren't going to buy a certificate.  So how can I create/setup/install/deploy or whatever its called on the server and then how do I install the certificates on the client when they try to connect to https://www.company.com/remote or https://www.company.com/owa?

thanks!
0
Comment
Question by:Malamamoto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 3
17 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 34144519
On SBS 2008 just run the "Configure your internet address" wizard and it will automatically create the certificate. Then to distribute it to your client machines see the following link:
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
It is automatically added to domain joined machines.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144534
If interested a purchased certificate makes life easier in that you do not have to install it on remote computers. The real advantage is you don't have to install it on smart devices like phones. The certificate runs about $30
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
If you do not have a static public IP you can still set it up using a DDNS service:
http://www.lan-2-wan.com/DDNS1.htm
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
ID: 34144535
Yes, it's as simple as RobWill tells you.
BTW: The package for distribution to clients who are not joined to your domain and (Windows) smartphones is in the following path on your server:
\\<servername>\public\Downloads\
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Malamamoto
ID: 34144565
Oh, that all sounds simple enough.  :)  I already ran the wizard with the external domain name.  :)

Also, how do I install the certificate to a mobile device like an iphone?
0
 

Author Comment

by:Malamamoto
ID: 34144595
Also, I updated the domain name for the certificate via the wizard. But the file modify date for the "certification installation package" didn't change.  Is there something that I need to do to update the installation package with the new certificate that was created via the wizard?

thanks!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144603
The file is a zip file. Unzip it copy it to your phone and click on it to install.
Sounds simple eh :-)  That part is why you want a purchased certificate. It works fine on 50% of phones but others have custom methods for installing and still others have blocks so you can't install an unknown certificate and you have to 'hack' the phone to install.
The purchased certificate is from an authority known to the phone so it is automatically accepted and does not have to be installed.
0
 

Author Comment

by:Malamamoto
ID: 34144608
is the iphone one of the phones that won't work?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144609
I am not sure if the wizard updates the certificate. I would copy the existing one to another folder, delete it from the default folder, and re-run the wizard. It should then create a new one.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144618
Haven't tried the iPhone with the self signed certificate. Based on experience and my knowledge of the iPhone, which is limited, I would say it would work fine on the iPhone.

>$30 a year for the certificate is money well spent. It makes life so easy.
0
 

Author Comment

by:Malamamoto
ID: 34144627
Nope it didn't update the install files. :(
0
 
LVL 1

Assisted Solution

by:smbict
smbict earned 250 total points
ID: 34144632
iPhone will work as one of the best devices with Exchange Activesync!
If you setup the Exchange account manual on your iPhone (it is going to search for Exchange autodiscover, which takes some time), it asks you to definitively accept the certificate. If you do that, it works like a charm.

Furthermore you better install the latest Exchange 2007 Rollup (10, I guess), for proper autodiscover configuration without errors
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 34144650
Maybe just leave the original files there. According to the following link; " Each time you run the IAMW, this certificate package is updated."
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

You can test by connecting externally to the RWW page and click on the certificate icon (pad lock) and choose view certificate.
0
 

Author Comment

by:Malamamoto
ID: 34144670
Yup, it updated the certfication.  I installed the certificate and it worked nicely.

I'm not familiar with iPhones either.  but I'm glad to hear it works nicely with exchange activesync.  What about Andrids?  :)

Also, I was having problems with exchange, so I installed SP 3 just now.  Do I need to install the Rollup in addtion to SP3?

Thanks so much for both of your help.  You hit on all the information I needed!  I consider this questions closed....but I'd like to hear (as well as others too) the answers to those last questions.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144727
Androids should work fine too. It is more thinks like Palm devices, and less known phone O/S's that are problems.

The other issue is you or another user switches remote computers and forgets to first get the self-signed cert and then cannot set up the new PC.
SP3 should cover most if not all of the rollups. There should be a list on the page from which you downloaded. There are SBS patches and rollups as well. WSUS in the SBS console will eventually pick these up.
0
 

Author Closing Comment

by:Malamamoto
ID: 34144752
Thanks for your help.  All the info you gave was exactly what I needed....and more!
0
 
LVL 1

Expert Comment

by:smbict
ID: 34144756
No need for Rollup 10 if you install SP3.
In addition to RobWill: WSUS picks up updates, but some of them do you have to manually acknowledge via WSUS in the SBS-console if you use the standard-SBS-settings.
The Exchange rollup I mentioned is one of them (optional update).

Glad to hear you are helped with this.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34144779
Thanks Malamamoto.
Cheers!
--Rob
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question