deshaunstyles

SBS 2008 Add Certificate

OK, here is my issue. I just took over a network recently, and the main DC runs SBS 2008. A few days ago, the self-signed certificate that was used to access Remote Web Workplace as well as Exchange expired. I attempted to renew it through the Fix My Network wizard, which fails, as well as a few other methods. I eventually bought a third-party cert from the company they use for hosting, which is justhost.com. I can't seem to get either of these certs working in order to get our site back up. Exchange works but it gives an annoying error about the certificate. When trying to import the new cert, it tells me that the certificate does not match my website.
Ganpar

Avoid illegal characters
Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ']

The SBS wizard pulls company name exactly the way it was entered during initial setup and does not check or warn about these characters (ie. O'Reilly Inc.). A certificate generated from that CSR will fail to install with "The imported certificate does not match your Web site. Verify that you selected the correct certificate file, and then try again."
Rob Williams
The name selected with the "Configure your Internet Address" wizard (default = remote.yourdomain.abc), the FQDN of your site, and the certificate must all match EXACTLY.

The following article outlines how to renew the certificate on SBS 2008/2011
http://blog.lan-tech.ca/2012/03/03/sbs-20082011-renew-3rd-party-certificate/
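Added example, not part of the original thread: a pre-flight check that applies the two rules given in the answers above (no illegal characters in the CSR fields, and all names matching the certificate) before a CSR goes to the vendor. The function names and sample host names are assumptions, and so is the choice not to flag "." inside the CN, since a host name needs dots.

```python
# Added example: pre-flight check of CSR subject fields (not from the thread).

# Character list exactly as quoted in the answer above.
ILLEGAL = set("!@#$%^()~?><&/\\,.\"'")

# Assumption: the common name is a host name and must contain dots,
# so "." is not flagged there.
HOSTNAME_FIELDS = {"CN"}


def illegal_chars(subject):
    """Map each subject field to the sorted illegal characters found in it."""
    findings = {}
    for field, value in subject.items():
        banned = ILLEGAL - {"."} if field in HOSTNAME_FIELDS else ILLEGAL
        bad = sorted(set(value) & banned)
        if bad:
            findings[field] = bad
    return findings


def name_mismatches(wizard_name, site_fqdn, cert_cn):
    """Return the labels of the names that differ from the certificate's CN.

    DNS names are case-insensitive, so only case and surrounding
    whitespace are normalised before comparing.
    """
    def norm(name):
        return name.strip().lower()

    names = {"internet address wizard": wizard_name, "site FQDN": site_fqdn}
    return [label for label, name in names.items() if norm(name) != norm(cert_cn)]


def preflight(subject, wizard_name, site_fqdn):
    """Collect every problem found by both checks as readable strings."""
    cn = subject.get("CN", "")
    problems = [f"{field}: illegal character(s) {' '.join(chars)}"
                for field, chars in illegal_chars(subject).items()]
    problems += [f"{label} does not match CN {cn!r}"
                 for label in name_mismatches(wizard_name, site_fqdn, cn)]
    return problems


# Constructed sample values; the company name is the one used in the answer above.
SAMPLE_SUBJECT = {"CN": "remote.example.com", "O": "O'Reilly Inc.", "L": "Toronto", "C": "CA"}

if __name__ == "__main__":
    for line in preflight(SAMPLE_SUBJECT, "remote.example.com", "mail.example.com"):
        print(line)
```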
deshaunstyles

ASKER

I tried to renew the self-signed certificate as well.  It tells me "Cannot create a new certificate.  Restart the Certificate Authority service, and then try again."
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
This led me to figuring out how to create a new certificate. Now my problem is that the new certificate is showing up in the certificate authority "issued tickets" folder, but I can't find it when I'm trying to add it. I found it in the pending request folder and right-clicked and told it to issue. I found it in the issued folder and exported a .cer file and double-clicked that and told it to install. It is simply not showing up after all of that. Not sure what I'm doing wrong here.
>>"Not sure what I'm doing wrong here."
As mentioned, SBS has very specific ways for doing this, and wizards to make it easy. You have used about 3 alternate methods that either do not work or require a lot of user intervention, and I am not certain I can help to fully repair.
The certificate needs to be in the trusted root certificate folder and you will need to import it in the IIS7 console (click on server and certificates in middle window). I don't know that this will properly bind it to the websites.
You would be better to follow the steps in the link provided and have the vendor rekey the certificate.
I figured it out for the most part. I am getting the external cert re-keyed, but in the meantime I was able to create an internal cert in the Exchange console. I was able to bind it to the site and create a link for users to install temporarily. Thanks for all the tips, I have learned a lot about SBS and certificates.
I've requested that this question be closed as follows:

Accepted answer: 0 points for deshaunstyles's comment #a38410473

for the following reason:

The tips from other members led me to eventually figuring out my own solution.
If "tips from other members led me to eventually figuring out my own solution." then why are you not awarding points?
I just realized that this site has a scoring system.  I had not even thought of it in that capacity.  I am very new here and have no previous experience with how things work.  I will accept the tips that helped me.  Sorry for being a noob.
No problem. I apologize, I should have looked at your profile and realized you were a new member. Welcome to Experts-Exchange and sorry to have started off on the wrong foot.
It just seemed odd to credit other members but not award points.  The points don't really mean much but the acknowledgment is always appreciated.

Thanks deshaunstyles and best of luck!
--Rob