Solved

SBS 2011 ssl certificate exchange error messages remote.domain.com vs. mail.domain.com

Posted on 2013-06-24
Last Modified: 2013-06-25
Working on an SBS 2011 system I just started taking over from someone else, so not 100% sure how things are set up. More like 1%.

A user needed a laptop out of the office set up for Exchange access. Didn't appear that there's a real SSL cert (you get a warning about the cert when you go to https://mail.domain.com/owa).

So I got a cert for mail.domain.com.

Now users in the office on Outlook are getting a warning about the cert for remote.domain.com not having the right name. When you view details, it is my mail.domain.com cert.

When I look at Exchange settings in Outlook, the mail server is listed as mail.domain.local.

So not sure where remote.domain.com is coming into the mix?

Any advice? (There is a remote.domain.com self-signed cert in the list of certs.)

I added another site binding for https / 443 / with the LAN IP address. Now there are 3 https bindings:

127.0.0.1 >> uses remote.domain.com cert (this entry was set up before)
192.168.1.3  >> uses remote.domain.com (this is a new one I just added)
*   >>  uses my new mail.domain.com cert (I added this entry earlier today based on the SSL issuer telling me to.)
5 Comments
 
LVL 38

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 39272395
Did you use the Third Party Trusted Certificate Wizard in the SBS Console to create the CSR?

SBS is Wizard driven. The Internet Address Wizard would have been used (hopefully?) to set the remote access URL that is used for all inbound services.

EDIT: BTW, please do not manually make changes to anything in SBS. That breaks things.

Philip
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 250 total points
ID: 39272581
Did you buy a single name SSL certificate or a UCC (multiple name certificate)?

You generally need a UCC certificate to keep SBS happy.

Alan
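
Added example (not part of the thread and not any poster's code): the name check behind the warning in the question and the single-name versus UCC point in the answer above, in Python. The certificate dicts are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are illustrative assumptions.

```python
# Added example: which client-facing hostnames does a certificate cover?
# Certificates are dicts shaped like ssl.SSLSocket.getpeercert() output.

def cert_dns_names(cert):
    """DNS names from subjectAltName; fall back to subject CN only if no SAN exists."""
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label matching exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert, hosts):
    """Hostnames for which a client would raise a name-mismatch warning."""
    names = cert_dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# Constructed sample certificates using the placeholder names from the question.
SINGLE_NAME = {
    "subject": ((("commonName", "mail.domain.com"),),),
    "subjectAltName": (("DNS", "mail.domain.com"),),
}
UCC = {
    "subject": ((("commonName", "remote.domain.com"),),),
    "subjectAltName": (("DNS", "remote.domain.com"), ("DNS", "mail.domain.com")),
}
# Names the thread shows clients connecting to.
CLIENT_HOSTS = ["remote.domain.com", "mail.domain.com"]

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME), ("UCC", UCC)):
        missing = uncovered_hosts(cert, CLIENT_HOSTS)
        print(f"{label}: {', '.join(missing) if missing else 'all names covered'}")
```

The single-name certificate leaves remote.domain.com uncovered, which is the mismatch Outlook reports in the question; the multi-name certificate covers both hostnames.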
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39272656
We use the standard GoDaddy certificates (codes can be found for $12/Year) with no issues on all manners of SBS Standard.

The main thing is to make sure that the wizards were used to configure the server.

GoDaddy NOTE: The gd_cross_intermediate and gd_intermediate certificates should be installed _prior_ to running the CSR to import the final GD cert. Otherwise RD Gateway will have flaky connectivity.

Philip
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39273535
Phil: I followed the instructions for IIS, which was manual. I saw the wizard later, after I think I got it working.

Alan: Yes, single. I guess that's the problem.

Phil: standard for $13? Rather than the listed $60? And which standard do you get? 'Single domain' (that is used for 1 subdomain I would think, since they offer single domain with unlimited subdomains for $199) or multiple domains UCC - Alan, that's the only one that mentions UCC.

Any thinking on why there is the need for those gd intermediate certs? More secure? It complicates things.

Thanks.
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39273780
If a GoDaddy certificate is installed on-the-fly without the Intermediates first the certificate chain needs to be tweaked.

So, a series of GoDaddy Intermediate and Trusted Root certificates get downloaded and installed with the new cert.

Problem is, they break things. Especially in RD Gateway which is a key service in SBS STD.

Yes, the standard GoDaddy SSL certificate (not UCC) can be had for less than the $60 list. All one needs is a bit of search foo. :)

Philip

Question has a verified solution.
