Solved

SBS 2008 Add Certificate

Posted on 2012-09-06
Last Modified: 2012-09-18
OK, here is my issue.  I just took over a network recently, and the main DC runs SBS 2008.  A few days ago, the self-signed certificate that was used to access Remote Web Workplace as well as Exchange expired.  I attempted to renew it through the Fix My Network wizard, which fails, as well as a few other methods.  I eventually bought a third-party cert from the company they use for hosting, which is justhost.com.  I can't seem to get either of these certs working in order to get our site back up.  Exchange works but it gives an annoying error about the certificate.  When trying to import the new cert, it tells me that the certificate does not match my website.
0
Question by:deshaunstyles
11 Comments
 
LVL 2

Expert Comment

by:Ganpar
ID: 38372138
Avoid illegal characters
Make sure you do not have any illegal characters in any of the fields in the CSR. Illegal characters are [! @ # $ % ^ ( ) ~ ? > < & / \ , . " ']

The SBS wizard pulls the company name exactly the way it was entered during initial setup and does not check or warn about these characters (i.e. O'Reilly Inc.). A certificate generated from that CSR will fail to install with "The imported certificate does not match your Web site. Verify that you selected the correct certificate file, and then try again."
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38372666
The name selected with the "Configure your Internet Address" wizard (default = remote.yourdomain.abc), the FQDN of your site, and the certificate must all match EXACTLY.

The following article outlines how to renew the certificate on SBS 2008/2011:
http://blog.lan-tech.ca/2012/03/03/sbs-20082011-renew-3rd-party-certificate/
0
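The two checks described in the comments above (illegal characters in a CSR field, and the certificate name matching the site FQDN), as an added PowerShell example that is not part of the thread or of SBS's own tooling. It assumes PowerShell 2.0 or later on an English-locale server; the function names and the sample FQDN are hypothetical.

```powershell
# Added example. Function names and the sample FQDN are assumptions, not SBS tooling.
# Characters the comment above lists as illegal in CSR fields.
$IllegalCsrChars = '!@#$%^()~?><&/\,."'''.ToCharArray()

function Test-CsrField {
    # Returns the distinct illegal characters found in one CSR field value (nothing if clean).
    param([string]$Value)
    @($Value.ToCharArray() | Where-Object { $IllegalCsrChars -contains $_ } |
        Select-Object -Unique)
}

function Get-CertDnsNames {
    # Subject simple name (normally the CN) plus any Subject Alternative Name DNS entries.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @($Cert.GetNameInfo('SimpleName', $false))
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumption: English-locale formatting ("DNS Name=host") of the SAN extension.
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    $names | Select-Object -Unique
}

function Test-SiteCertificate {
    # For every certificate in the local computer Personal store (where IIS looks for
    # server certificates), report whether it names the expected FQDN, has a private
    # key, and has expired. Wildcard names are compared literally, not expanded.
    param([string]$ExpectedFqdn)
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $names = @(Get-CertDnsNames $_)
        New-Object PSObject -Property @{
            Thumbprint    = $_.Thumbprint
            Names         = $names -join ', '
            NameMatches   = $names -contains $ExpectedFqdn   # case-insensitive
            HasPrivateKey = $_.HasPrivateKey
            Expired       = $_.NotAfter -lt (Get-Date)
        }
    }
}

# Company name from the comment above, then the wizard's default name pattern.
Test-CsrField "O'Reilly Inc."
Test-SiteCertificate 'remote.yourdomain.abc' | Format-Table -AutoSize
```

A certificate that shows `NameMatches` as False, or `HasPrivateKey` as False, cannot be bound to the site as its server certificate.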
 
LVL 1

Author Comment

by:deshaunstyles
ID: 38387366
I tried to renew the self-signed certificate as well.  It tells me "Cannot create a new certificate.  Restart the Certificate Authority service, and then try again."
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 38388657
Normally, if you want to renew the self-signed cert you simply run the Configure your Internet Address wizard, but if you have installed a 3rd party certificate that will not work.  The following two links address that:
http://titlerequired.com/2011/12/07/quick-fix-sbs-2008-sites-self-signed-certificate-expired/
http://msmvps.com/blogs/bradley/archive/2011/10/27/fixing-a-bit-of-thumbprints.aspx
0
 
LVL 1

Author Comment

by:deshaunstyles
ID: 38391303
This led me to figuring out how to create a new certificate.  Now my problem is that the new certificate is showing up in the certificate authority "issued tickets" folder.  But I can't find it when I'm trying to add it.  I found it in the pending request folder and right-clicked and told it to issue.  I found it in the issued folder and exported a .cer file and double-clicked that and told it to install.  It is simply not showing up after all of that.  Not sure what I'm doing wrong here.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38405313
>>"Not sure what I'm doing wrong here."
As mentioned, SBS has very specific ways of doing this, and wizards to make it easy.  You have used about 3 alternate methods that either do not work or require a lot of user intervention. And I am not certain I can help to fully repair.
The certificate needs to be in the trusted root certificate folder and you will need to import it in the IIS7 console (click on server and certificates in middle window).  I don't know that this will properly bind it to the websites.
You would be better to follow the steps in the link provided and have the vendor rekey the certificate.
0
 
LVL 1

Author Comment

by:deshaunstyles
ID: 38410473
I figured it out for the most part.  I am getting the external cert re-keyed, but in the meantime I was able to create an internal cert in the Exchange console.  I was able to bind it to the site and create a link for users to install temporarily.  Thanks for all the tips, I have learned a lot about SBS and certificates.
0
 
LVL 1

Author Comment

by:deshaunstyles
ID: 38410512
I've requested that this question be closed as follows:

Accepted answer: 0 points for deshaunstyles's comment #a38410473

for the following reason:

The tips from other members led me to eventually figuring out my own solution.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38410513
If "tips from other members led me to eventually figuring out my own solution." then why are you not awarding points?
0
 
LVL 1

Author Comment

by:deshaunstyles
ID: 38410667
I just realized that this site has a scoring system.  I had not even thought of it in that capacity.  I am very new here and have no previous experience with how things work.  I will accept the tips that helped me.  Sorry for being a noob.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38410756
No problem. I apologize, I should have looked at your profile and realized you were a new member.  Welcome to Experts-Exchange and sorry to have started off on the wrong foot.
It just seemed odd to credit other members but not award points.  The points don't really mean much but the acknowledgment is always appreciated.

Thanks deshaunstyles and best of luck!
--Rob
0
