
SBS 2011 ssl certificate exchange error messages remote.domain.com vs. mail.domain.com

Working on an SBS 2011 system I just started taking over from someone else, so not 100% sure how things are set up. More like 1%.

A user needed a laptop out of the office set up for Exchange access. Didn't appear that there's a real SSL cert (you get a warning about the cert when you go to https://mail.domain.com/owa).

So I got a cert for mail.domain.com.

Now users in the office on Outlook are getting a warning about the cert for remote.domain.com not having the right name. When you view details, it is my mail.domain.com cert.

When I look at Exchange settings in Outlook, the mail server is listed as mail.domain.local.

So not sure where remote.domain.com is coming into the mix?

Any advice? (There is a remote.domain.com self-signed cert in the list of certs.)

I added another site binding for https / 443 / with the LAN IP address. Now there are 3 https bindings:

  >> uses remote.domain.com cert (this entry was set up before)
  >> uses remote.domain.com (this is a new one I just added)
  * >> uses my new mail.domain.com cert (I added this entry earlier today based on the SSL issuer telling me to.)
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Did you use the Third Party Trusted Certificate Wizard in the SBS Console to create the CSR?

SBS is Wizard driven. The Internet Address Wizard would have been used (hopefully?) to set the remote access URL that is used for all inbound services.

EDIT: BTW, please do not manually make changes to anything in SBS. That breaks things.

Alan Hardisty (Co-Owner) commented:
Did you buy a single name SSL certificate or a UCC (multiple name certificate)?

You generally need a UCC certificate to keep SBS happy.

Philip Elder (Technical Architect - HA/Compute/Storage) commented:
We use the standard GoDaddy certificates (codes can be found for $12/Year) with no issues on all manners of SBS Standard.

The main thing is to make sure that the wizards were used to configure the server.

GoDaddy NOTE: The gd_cross_intermediate and gd_intermediate certificates should be installed _prior_ to running the CSR to import the final GD cert. Otherwise RD Gateway will have flaky connectivity.

BeGentleWithMe-INeedHelp (Author) commented:
Phil: I followed the instructions for IIS, which was manual. I saw the wizard later, after I think I got it working.

Alan: Yes, single. I guess that's the problem.

Phil: Standard for $13, rather than the listed $60? And which standard do you get? 'Single domain' (that is used for 1 subdomain, I would think, since they offer single domain with unlimited subdomains for $199) or multiple domains UCC - Alan, that's the only one that mentions UCC.

Any thinking on why there is the need for those GD intermediate certs? More secure? It complicates things.

Philip Elder (Technical Architect - HA/Compute/Storage) commented:
If a GoDaddy certificate is installed on-the-fly without the Intermediates first the certificate chain needs to be tweaked.

So, a series of GoDaddy Intermediate and Trusted Root certificates get downloaded and installed with the new cert.

Problem is, they break things. Especially in RD Gateway which is a key service in SBS STD.

Yes, the standard GoDaddy SSL certificate (not UCC) can be had for less than the $60 list. All one needs is a bit of search foo. :)

Question has a verified solution.
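
The name-mismatch warning discussed in this thread comes down to whether the certificate's names cover every hostname a client connects with. The following is an added example, not code from any participant in the thread: it checks certificate name lists against the three hostnames mentioned in the question. The certificate name lists and the assumption that clients use all three names are constructed for illustration.

```python
"""Added example: which client-facing hostnames does a certificate cover?"""


def name_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate dNSName entry covers `host`.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, which is the matching rule TLS clients apply.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse patterns like "*.com"; compare everything after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, client_hosts):
    """Hostnames that would raise a name-mismatch warning with this cert."""
    return [h for h in client_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Hostnames taken from the question; assumed here to be what clients use.
CLIENT_HOSTS = ["remote.domain.com", "mail.domain.com", "mail.domain.local"]

# Constructed name lists for the certificate types the thread compares.
CERTS = {
    "single name (mail)": ["mail.domain.com"],
    "single name (remote)": ["remote.domain.com"],
    "wildcard": ["*.domain.com"],
    "UCC / multi-name": list(CLIENT_HOSTS),
}


def report():
    """Map each certificate label to the hostnames it fails to cover."""
    return {label: uncovered(names, CLIENT_HOSTS)
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:22} mismatch for: {', '.join(missing) or 'none'}")
```
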
