• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1077
  • Last Modified:

SBS 2008 certificate problem

Using self-signed certificate with SBS 2008.  Had to renew the certificate because of expiration and now I can't get the new one packaged in the public downloads folder.

I read running the fix my network task would do this, but it doesn't.  Is there a manual way to initiate this?
1 Solution
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Run the Internet Address Wizard.

Save yourself the heartache with the self-signed cert and get an inexpensive GoDaddy or other third party cert.

bwanderAuthor Commented:
I did that and it did not update the cert package in the public downloads folder.
Accessing the RWW, check the details of certificate that has been hosted by IIS, is it expired?

Run the "Fix My Network Wizard" under the connectivity tab of Network (SBS Console), this would have picked up the expired certificate and recreated it for you.

You should not need to redistribute the certificate installer to existing machines once you have ran the wizard.
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

bwanderAuthor Commented:
I have a valid certificate now and domain joined machines don't have an issue.  I have non-domain joined machines (remote workers) who I have to manually distribute the certificate to.

That's why Windows puts the certificate installer package in the Public\Downloads folder.  

The problem I have is that package has not been updated.  Neither the Fix My Network, nor Internet Address Wizard updates the package.

I appreciate the suggestion to go with a third party cert, but that doesn't really address the issue.
Cliff GaliherCommented:
The package does not need to be updated. The wizard (when things work properly) *renews* the existing certificate, thus the existing package with the public side of the key continues to work as expected. Remember that with PKI certs, a private key can be renewed while keeping the public key the same, which is what the wizards do in this instance.

If you have suffered some corruption and this isn't working as expected then you need to go into the computer certificate store using the certificates snap-in, delete the certificates, delete the package, rerun the IAMW to generate a new cert and create the public package, then rerun the FMNW to fix IIS and the other places where the new certificate will be used.

Hope that helps,

bwanderAuthor Commented:
I may have messed up the certificate for RWW when I renewed the expired certificate for Exchange - is that possible?

cgaliher - I'll try your suggestion and report back.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now