Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS 2011 ssl certificate exchange error messages remote.domain.com vs. mail.domain.com

Posted on 2013-06-24
5
Medium Priority
?
1,844 Views
Last Modified: 2013-06-25
Working on an SBS 2011 system I just started taking over from someone else, so not 100% sure how things are set up.  more like 1%.

A user needed a laptop out of the office set up for exchange access.  Didn't appear that there's a real SSL cert (you get a warning about the cert when you go to https://mail.domain.com/owa.

So I got a cert for mail.domain.com

now users in the office on outlook are getting a warning about the cert for remote.domain.com not having the right name. when you view details, it is my mail.domain.com cert.

When I look at exchange settings in outlook, the mail server is listed as mail.domain.local.

so not sure where remote.domain.com is coming into the mix?

any advice (there is a remote.domain.com self signed cert in the list of certs.

I added another site binding for https / 443 / with the LAN IP address.  now there are 3 https bindings

127.0.0.1 >> uses remote.domain.com cert (this entry was set up before)
192.168.1.3  >> uses remote.domain.com (this is a new one I just added)
*   >>  uses my new mail.domain.com cert (I added this entry earlier today based on the SSL issuer telling me to.)
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 39

Accepted Solution

by:
Philip Elder earned 1000 total points
ID: 39272395
Did you use the Third Party Trusted Certificate Wizard in the SBS Console to create the CSR?

SBS is Wizard driven. The Internet Address Wizard would have been used (hopefully?) to set the remote access URL that is used for all inbound services.

EDIT: BTW, please do not manually make changes to anything in SBS. That breaks things.

Philip
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1000 total points
ID: 39272581
Did you buy a single name SSL certificate or a UCC (multiple name certificate).

You generally need a UCC certificate to keep SBS happy.

Alan
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39272656
We use the standard GoDaddy certificates (codes can be found for $12/Year) with no issues on all manners of SBS Standard.

The main thing is to make sure that the wizards were used to configure the server.

GoDaddy NOTE: The gd_cross_intermediate and gd_intermediate certificates should be installed _prior_ to running the CSR to import the final GD cert. Otherwise RD Gateway will have flaky connectivity.

Philip
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39273535
Phil: I followed the instructions for IIS which was manual.  I saw the wizard later, after I think I got it working

alan: Yes, single.  I guess that's the problem.

Phil: standard for $13? rather than the listed $60?  ANd which standard do you get? 'single domain' (that is used for 1 subdomain I would think since they offer single domain with unlimited subdomains for $199) or multiple domains UCC - Alan, that's the only one that mentions UCC.

Any thinking on why there is the need for those gd intermediate certs? more secure? it complicates things.

thanks.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39273780
If a GoDaddy certificate is installed on-the-fly without the Intermediates first the certificate chain needs to be tweaked.

So, a series of GoDaddy Intermediate and Trusted Root certificates get downloaded and installed with the new cert.

Problem is, they break things. Especially in RD Gateway which is a key service in SBS STD.

Yes, the standard GoDaddy SSL certificate (not UCC) can be had for less than the $60 list. All one needs is a bit of search foo. :)

Philip
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question