Link to home
Create AccountLog in
Avatar of BeGentleWithMe-INeedHelp
BeGentleWithMe-INeedHelpFlag for United States of America

asked on

SSL certs and sbs 2011 - what is the 'right' way to do them? SBS interface vs. exchange console, etc?

Following up on questions from:

https://www.experts-exchange.com/questions/28182092/SSL-certificates-issue-1-of-many-How-to-clear-a-CA-cert-from-a-browser.html

what is the right way to deal with installing (UCC? ) SSLs when working with SBS 2011?

From the sbs console?  

Or these instructions from Godaddy?

http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010

or some other process I was in the IIS console?!
ASKER CERTIFIED SOLUTION
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of BeGentleWithMe-INeedHelp

ASKER

you ask why not? (I say this with a smile / I know you are right) but the answer:  Just that godaddy and the other firm didn't have sbs instructions.

yes, totally aware of the wizards vs. manual and wizards breaking things later : )

I'll rerun the internet connection wizard tonight and see if I can resolve at least a small fraction of the issues.
Just as an FYI - I NEVER use the Wizard in the SBS Console.  I use the Wizard in Exchange and never have a problem!

Alan
I hate not getting consistent answers!  No offense to either of you!  

Alan, care to comment to cliff?  Why not use the SBS wizard in the sbs console?
Just a personal preference.  The Exchange Wizard works for me on all the SBS 2011 servers I have ever installed / configured.  I'm sure I used the SBS Console wizard once and it didn't work (for me), and thus I have used the Exchange Wizard ever since.
There is no right or wrong answer (in my opinion).

With SBS - it is designed to be managed by the Wizards by people who are not IT geeks.

Both methods presumably work - I just prefer the Exchange wizard as that's where the Certificate is needed primarily.  Exchange services (SMTP / POP / IMAP / IIS) and I get to specify the URL's required for each Exchange element.

Can't comment on the SBS Console Wizard as it's been so long since I used it.

Sorry

Alan
alan - do you use a UCC (a cert for several names?) and if so, what names? if only a single name cert, what name?

autodiscover
mail
remote
owa

??
I do use a UCC cert, but you can get away with a single name cert if you are cunning.

I now use autodiscover.whatever.com and something like mail.whatever.com but it depends on how the Wizard for setting up the server was run and what name was used (if left at default).

I usually change the default from remote to something like mail.

You won't be able to buy a .local domain name on a cert that covers anything past Nov 2015 as the cert people conspired to do away with .local names, so the old requirement to have servername.internaldomain.local is no longer one I use.

Aaln
Thank you for your comments.

"if you are cunning"  I have enough problems getting things to work by playing by the rules. Don't need the grief to try to cut corners <grin>
It's not complicated!  Just cheaper.
FYI, you don't need to be cunning to de a single-name cert. You need to either a) understand ALL of the SBS components and set all prts up properly ...aka be cunning...OR b) use the wizards end to end, which isn't cunning at ll, but works with a single-named cert and touches all the parts that option A would if you were cunning.

Someone like Alan can do things manually due to sheer experience. But his comment that you need to be cunning just reinforces my opinion: stick to the wizards.
on to the next questions. I am looking to recreate the csr and could do it via IIS or Exchange... hmmmmm.

and how do I clear out the clutter of old certs from the last couple days of me trying to get this to work?

https://www.experts-exchange.com/questions/28182624/SSL-cert-for-SBS-2010-how-can-I-clean-out-the-clutter-of-old-certs.html
Avatar of IslandTom
IslandTom

The elephant in the room.  When we are on the godaddy request page, it asks if we want an IIS or Exchange certificate.  What is our opinion on that?  I think both ways work fine, but every time I hit that page, I gain another grey hair.
Exchange 2010 for SBS 2011.  At least that's what I always choose ;)