Solved

SBS 2011 ssl certificate exchange error messages remote.domain.com vs. mail.domain.com

Posted on 2013-06-24
Last Modified: 2013-06-25
Working on an SBS 2011 system I just started taking over from someone else, so not 100% sure how things are set up. More like 1%.

A user needed a laptop out of the office set up for Exchange access. Didn't appear that there's a real SSL cert (you get a warning about the cert when you go to https://mail.domain.com/owa).

So I got a cert for mail.domain.com.

Now users in the office on Outlook are getting a warning about the cert for remote.domain.com not having the right name. When you view details, it is my mail.domain.com cert.

When I look at Exchange settings in Outlook, the mail server is listed as mail.domain.local.

So not sure where remote.domain.com is coming into the mix?

Any advice? (There is a remote.domain.com self-signed cert in the list of certs.)

I added another site binding for https / 443 / with the LAN IP address. Now there are 3 https bindings:

127.0.0.1 >> uses remote.domain.com cert (this entry was set up before)
192.168.1.3 >> uses remote.domain.com (this is a new one I just added)
* >> uses my new mail.domain.com cert (I added this entry earlier today based on the SSL issuer telling me to.)

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 39272395
Did you use the Third Party Trusted Certificate Wizard in the SBS Console to create the CSR?

SBS is Wizard driven. The Internet Address Wizard would have been used (hopefully?) to set the remote access URL that is used for all inbound services.

EDIT: BTW, please do not manually make changes to anything in SBS. That breaks things.

Philip

Assisted Solution

by: Alan Hardisty earned 250 total points
ID: 39272581
Did you buy a single-name SSL certificate or a UCC (multiple-name certificate)?

You generally need a UCC certificate to keep SBS happy.

Alan

Expert Comment

by:Philip Elder
ID: 39272656
We use the standard GoDaddy certificates (codes can be found for $12/Year) with no issues on all manners of SBS Standard.

The main thing is to make sure that the wizards were used to configure the server.

GoDaddy NOTE: The gd_cross_intermediate and gd_intermediate certificates should be installed _prior_ to running the CSR to import the final GD cert. Otherwise RD Gateway will have flaky connectivity.

Philip

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39273535
Phil: I followed the instructions for IIS, which was manual. I saw the wizard later, after I think I got it working.

Alan: Yes, single. I guess that's the problem.

Phil: standard for $13? Rather than the listed $60? And which standard do you get? 'Single domain' (that is used for 1 subdomain, I would think, since they offer single domain with unlimited subdomains for $199) or multiple domains UCC? Alan, that's the only one that mentions UCC.

Any thinking on why there is the need for those gd intermediate certs? More secure? It complicates things.

Thanks.

Expert Comment

by:Philip Elder
ID: 39273780
If a GoDaddy certificate is installed on-the-fly without the Intermediates first, the certificate chain needs to be tweaked.

So, a series of GoDaddy Intermediate and Trusted Root certificates get downloaded and installed with the new cert.

Problem is, they break things. Especially in RD Gateway which is a key service in SBS STD.

Yes, the standard GoDaddy SSL certificate (not UCC) can be had for less than the $60 list. All one needs is a bit of search foo. :)

Philip
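
The name mismatch from the question and the single-name vs. UCC point raised in the answers, as an added example (not code from any poster in this thread): a read-only, PowerShell 2.0-compatible check of whether a certificate's names cover the hostnames clients connect to. The function name and the certificate name lists are constructed for illustration; only remote.domain.com and mail.domain.com come from the thread.

```powershell
# Added example with constructed data; it does not query or change the server.
function Test-CertCoversHost {
    param(
        [string[]]$CertNames,   # DNS names listed in the certificate (SAN entries)
        [string]$HostName       # name the client actually connects to
    )
    $target = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($name in $CertNames) {
        $n = $name.ToLowerInvariant().TrimEnd('.')
        if ($n -eq $target) { return $true }
        # A wildcard covers exactly one left-most label: *.domain.com matches
        # mail.domain.com but not domain.com or a.b.domain.com.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)    # e.g. ".domain.com"
            if ($target.EndsWith($suffix)) {
                $label = $target.Substring(0, $target.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Hostnames mentioned in the thread.
$clientNames = @('remote.domain.com', 'mail.domain.com')

# Constructed certificate name lists (assumptions, not read from a real server).
$certs = @(
    @{ Label = 'single-name cert';          Names = @('mail.domain.com') },
    @{ Label = 'self-signed cert (assumed)'; Names = @('remote.domain.com') },
    @{ Label = 'UCC cert (hypothetical)';    Names = @('remote.domain.com', 'mail.domain.com') }
)

foreach ($cert in $certs) {
    foreach ($h in $clientNames) {
        New-Object PSObject -Property @{
            Certificate = $cert.Label
            HostName    = $h
            Covered     = Test-CertCoversHost -CertNames $cert.Names -HostName $h
        } | Select-Object Certificate, HostName, Covered
    }
}
```

A `False` in the `Covered` column for a hostname that clients use is the combination that produces the "name does not match" warning. On a live Exchange 2010 server the name list for each installed certificate is available from the `CertificateDomains` property returned by `Get-ExchangeCertificate`.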