BeGentleWithMe-INeedHelp
asked on
SSL certs and sbs 2011 - what is the 'right' way to do them? SBS interface vs. exchange console, etc?
Following up on questions from:
https://www.experts-exchange.com/questions/28182092/SSL-certificates-issue-1-of-many-How-to-clear-a-CA-cert-from-a-browser.html
what is the right way to deal with installing (UCC? ) SSLs when working with SBS 2011?
From the sbs console?
Or these instructions from Godaddy?
http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
or some other process I was in the IIS console?!
https://www.experts-exchange.com/questions/28182092/SSL-certificates-issue-1-of-many-How-to-clear-a-CA-cert-from-a-browser.html
what is the right way to deal with installing (UCC? ) SSLs when working with SBS 2011?
From the sbs console?
Or these instructions from Godaddy?
http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
or some other process I was in the IIS console?!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Just as an FYI - I NEVER use the Wizard in the SBS Console. I use the Wizard in Exchange and never have a problem!
Alan
Alan
ASKER
I hate not getting consistent answers! No offense to either of you!
Alan, care to comment to cliff? Why not use the SBS wizard in the sbs console?
Alan, care to comment to cliff? Why not use the SBS wizard in the sbs console?
Just a personal preference. The Exchange Wizard works for me on all the SBS 2011 servers I have ever installed / configured. I'm sure I used the SBS Console wizard once and it didn't work (for me), and thus I have used the Exchange Wizard ever since.
There is no right or wrong answer (in my opinion).
With SBS - it is designed to be managed by the Wizards by people who are not IT geeks.
Both methods presumably work - I just prefer the Exchange wizard as that's where the Certificate is needed primarily. Exchange services (SMTP / POP / IMAP / IIS) and I get to specify the URL's required for each Exchange element.
Can't comment on the SBS Console Wizard as it's been so long since I used it.
Sorry
Alan
With SBS - it is designed to be managed by the Wizards by people who are not IT geeks.
Both methods presumably work - I just prefer the Exchange wizard as that's where the Certificate is needed primarily. Exchange services (SMTP / POP / IMAP / IIS) and I get to specify the URL's required for each Exchange element.
Can't comment on the SBS Console Wizard as it's been so long since I used it.
Sorry
Alan
ASKER
alan - do you use a UCC (a cert for several names?) and if so, what names? if only a single name cert, what name?
autodiscover
mail
remote
owa
??
autodiscover
remote
owa
??
I do use a UCC cert, but you can get away with a single name cert if you are cunning.
I now use autodiscover.whatever.com and something like mail.whatever.com but it depends on how the Wizard for setting up the server was run and what name was used (if left at default).
I usually change the default from remote to something like mail.
You won't be able to buy a .local domain name on a cert that covers anything past Nov 2015 as the cert people conspired to do away with .local names, so the old requirement to have servername.internaldomain. local is no longer one I use.
Aaln
I now use autodiscover.whatever.com and something like mail.whatever.com but it depends on how the Wizard for setting up the server was run and what name was used (if left at default).
I usually change the default from remote to something like mail.
You won't be able to buy a .local domain name on a cert that covers anything past Nov 2015 as the cert people conspired to do away with .local names, so the old requirement to have servername.internaldomain.
Aaln
ASKER
Thank you for your comments.
"if you are cunning" I have enough problems getting things to work by playing by the rules. Don't need the grief to try to cut corners <grin>
"if you are cunning" I have enough problems getting things to work by playing by the rules. Don't need the grief to try to cut corners <grin>
It's not complicated! Just cheaper.
FYI, you don't need to be cunning to de a single-name cert. You need to either a) understand ALL of the SBS components and set all prts up properly ...aka be cunning...OR b) use the wizards end to end, which isn't cunning at ll, but works with a single-named cert and touches all the parts that option A would if you were cunning.
Someone like Alan can do things manually due to sheer experience. But his comment that you need to be cunning just reinforces my opinion: stick to the wizards.
Someone like Alan can do things manually due to sheer experience. But his comment that you need to be cunning just reinforces my opinion: stick to the wizards.
ASKER
on to the next questions. I am looking to recreate the csr and could do it via IIS or Exchange... hmmmmm.
and how do I clear out the clutter of old certs from the last couple days of me trying to get this to work?
https://www.experts-exchange.com/questions/28182624/SSL-cert-for-SBS-2010-how-can-I-clean-out-the-clutter-of-old-certs.html
and how do I clear out the clutter of old certs from the last couple days of me trying to get this to work?
https://www.experts-exchange.com/questions/28182624/SSL-cert-for-SBS-2010-how-can-I-clean-out-the-clutter-of-old-certs.html
The elephant in the room. When we are on the godaddy request page, it asks if we want an IIS or Exchange certificate. What is our opinion on that? I think both ways work fine, but every time I hit that page, I gain another grey hair.
Exchange 2010 for SBS 2011. At least that's what I always choose ;)
ASKER
yes, totally aware of the wizards vs. manual and wizards breaking things later : )
I'll rerun the internet connection wizard tonight and see if I can resolve at least a small fraction of the issues.