Solved

SBS 2011 ssl certificate exchange error messages remote.domain.com vs. mail.domain.com

Posted on 2013-06-24
Last Modified: 2013-06-25
Working on an SBS 2011 system I just started taking over from someone else, so not 100% sure how things are set up. More like 1%.

A user needed a laptop out of the office set up for Exchange access. Didn't appear that there's a real SSL cert (you get a warning about the cert when you go to https://mail.domain.com/owa).

So I got a cert for mail.domain.com.

Now users in the office on Outlook are getting a warning about the cert for remote.domain.com not having the right name. When you view details, it is my mail.domain.com cert.

When I look at Exchange settings in Outlook, the mail server is listed as mail.domain.local.

So not sure where remote.domain.com is coming into the mix?

Any advice? (There is a remote.domain.com self-signed cert in the list of certs.)

I added another site binding for https / 443 / with the LAN IP address. Now there are 3 https bindings:

127.0.0.1 >> uses remote.domain.com cert (this entry was set up before)
192.168.1.3  >> uses remote.domain.com (this is a new one I just added)
*   >>  uses my new mail.domain.com cert (I added this entry earlier today based on the SSL issuer telling me to.)

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 39272395
Did you use the Third Party Trusted Certificate Wizard in the SBS Console to create the CSR?

SBS is Wizard driven. The Internet Address Wizard would have been used (hopefully?) to set the remote access URL that is used for all inbound services.

EDIT: BTW, please do not manually make changes to anything in SBS. That breaks things.

Philip

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 250 total points
ID: 39272581
Did you buy a single name SSL certificate or a UCC (multiple name certificate)?

You generally need a UCC certificate to keep SBS happy.

Alan

Expert Comment

by:Philip Elder
ID: 39272656
We use the standard GoDaddy certificates (codes can be found for $12/Year) with no issues on all manners of SBS Standard.

The main thing is to make sure that the wizards were used to configure the server.

GoDaddy NOTE: The gd_cross_intermediate and gd_intermediate certificates should be installed _prior_ to running the CSR to import the final GD cert. Otherwise RD Gateway will have flaky connectivity.

Philip

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39273535
Phil: I followed the instructions for IIS which was manual. I saw the wizard later, after I think I got it working.

Alan: Yes, single. I guess that's the problem.

Phil: standard for $13? rather than the listed $60? And which standard do you get? 'single domain' (that is used for 1 subdomain I would think since they offer single domain with unlimited subdomains for $199) or multiple domains UCC - Alan, that's the only one that mentions UCC.

Any thinking on why there is the need for those gd intermediate certs? More secure? It complicates things.

Thanks.

Expert Comment

by:Philip Elder
ID: 39273780
If a GoDaddy certificate is installed on-the-fly without the Intermediates first, the certificate chain needs to be tweaked.

So, a series of GoDaddy Intermediate and Trusted Root certificates get downloaded and installed with the new cert.

Problem is, they break things. Especially in RD Gateway which is a key service in SBS STD.

Yes, the standard GoDaddy SSL certificate (not UCC) can be had for less than the $60 list. All one needs is a bit of search foo. :)

Philip
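
A read-only check for the name mismatch discussed in this thread, added here as an example and not posted by any participant: it lists the host names Exchange advertises to Outlook and reports which ones the IIS-enabled certificate does not cover. It assumes the Exchange Management Shell on the SBS 2011 (Exchange 2010) server; `Get-UrlHost` and `Test-CertCoversHost` are helper names made up for this example.

```powershell
# Added example: run in the Exchange Management Shell. Changes nothing.

# Hypothetical helper: host part of a URL, or nothing if the URL is unset.
function Get-UrlHost($Url) {
    if ($Url) { ([uri]"$Url").Host }
}

# Hypothetical helper: exact match, or a wildcard covering one left-most label.
function Test-CertCoversHost {
    param([string[]]$CertNames, [string]$HostName)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) {
            return $true
        }
    }
    return $false
}

# 1. Host names Exchange hands to clients.
$advertised = @()
$advertised += Get-ClientAccessServer |
    ForEach-Object { Get-UrlHost $_.AutoDiscoverServiceInternalUri }
$advertised += Get-WebServicesVirtualDirectory |
    ForEach-Object { Get-UrlHost $_.InternalUrl; Get-UrlHost $_.ExternalUrl }
$advertised += Get-OabVirtualDirectory |
    ForEach-Object { Get-UrlHost $_.InternalUrl; Get-UrlHost $_.ExternalUrl }
$advertised += Get-OutlookAnywhere | ForEach-Object { "$($_.ExternalHostname)" }
$advertised = $advertised | Where-Object { $_ } |
    ForEach-Object { $_.ToLower() } | Sort-Object -Unique

# 2. Certificates enabled for the IIS service.
$iisCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }

# 3. One row per advertised host name and certificate.
foreach ($cert in $iisCerts) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
    foreach ($h in $advertised) {
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            HostName   = $h
            Covered    = Test-CertCoversHost -CertNames $names -HostName $h
        }
    }
}
```

Rows with `Covered` set to `False` are names a client is told to connect to that the certificate does not list, which is the condition that produces the name warning in Outlook.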
Question has a verified solution.