Solved

SBS2011 not using New SSL Certificate from GoDaddy

Posted on 2014-01-14
14
404 Views
Last Modified: 2014-01-15
HI All.

We have today installed a New SSL Certificate onto our clients SBS2011 server.

We have used the SBS2011 Wizard found on the 'Network' - 'Connectivity' section and the wizard completed successfully however when we remote connect (From different PC's) the Padlock shows its using the old certificate (Based on the expiry date)

Does anyone know why please and how we resolve this issue.

Thank you
Regards
Andy
0
Comment
Question by:AndyKeen
  • 7
  • 7
14 Comments
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780016
Allow me to add to the above post.

Internally the certificate is used - i.e. if I go to remote.xxx.xo.uk/remote using i.e. on the server then the certificate used is the new one based on the certificate expiry date.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780580
what happens if you reset iis and then try it?

what happens when you run 'fix my network'
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780655
Hi Works2011

Thanks for the help.

I have running iisreset, restated the exchange transport service and run fix my network - all to no avail - it's made no difference at all.

Andy
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 1

Author Comment

by:AndyKeen
ID: 39780660
S
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780664
We have today installed a New SSL Certificate onto our clients SBS2011 server.
is it self signed, if so you need to copy from the public folder and install manually.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780669
this article shows it's location, click here
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780694
Thanks Works2011

No this is a renewal from GoDaddy. I have downloaded it from my godaddy control panel and installed it with the SBS wizard from the main sbs console.

Andy
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780723
Start / Administrative Tools / IIS Manager / server name / window on the right under IIS / double click Server Certificates and delete the old cert if there.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780725
then reset IIS and test
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780745
Thought I recognised the location - already did that earlier and have reset IIS.

Still no joy :(
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 39780771
Run the following commands from PowerShell (in bold) basically you're locating the cert currently used by it's thumbprint and replacing with the new cert.

Get-ExchangeCertificate -domain "domainname" | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {computername, computername.domain.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=computername
NotAfter           : 2/16/2011 11:34:03 PM
NotBefore          : 2/16/2010 11:34:03 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 444FEF2E6F75B8864B86866DE2792FC2
Services           : IMAP, POP, IIS, SMTP
Status             : DateInvalid
Subject            : CN=computername
Thumbprint         : 2FB28F5075EFE9B30A8F8458DED0A19628D71F52



[PS] C:\Windows\System32>Get-ExchangeCertificate -thumbprint "2FB28F7055EFE9B30A
8F8458DED0A19628D71F52" | New-ExchangeCertificate

Confirm
Overwrite existing default SMTP certificate,
'2FB28F5075EFE9B30A8F8458DED0A19628D71F52' (expires 2/16/2011 11:34:03 PM),
with certificate 'FB5AECA6B39816F02B3245BD1D95394A573E1F02' (expires 2/22/2012
8:29:16 AM)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y

Thumbprint                                Services   Subject
----------                                --------   -------
FB5AECA6B39816F02B3245BD1D95394A573E1F02  .....      CN=computername


[PS] C:\Windows\System32>Enable-ExchangeCertificate -thumbprint "FB5AECA6B39816F
02B3245BD1D95394A573E1F02" -services IIS
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780798
Hi Works2011

Thanks for that detaiiled answer.

I am going to do that tomorrow when I have better access to my clients server.

Can I please come back to you tomorrow with an update.

Thank you
Regards
Andy
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780807
Sure, let me know what you find out.
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39781686
Spot on Works 2011 - Thanks for your help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question