Solved

SBS2011 not using New SSL Certificate from GoDaddy

Posted on 2014-01-14
14
401 Views
Last Modified: 2014-01-15
HI All.

We have today installed a New SSL Certificate onto our clients SBS2011 server.

We have used the SBS2011 Wizard found on the 'Network' - 'Connectivity' section and the wizard completed successfully however when we remote connect (From different PC's) the Padlock shows its using the old certificate (Based on the expiry date)

Does anyone know why please and how we resolve this issue.

Thank you
Regards
Andy
0
Comment
Question by:AndyKeen
  • 7
  • 7
14 Comments
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780016
Allow me to add to the above post.

Internally the certificate is used - i.e. if I go to remote.xxx.xo.uk/remote using i.e. on the server then the certificate used is the new one based on the certificate expiry date.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780580
what happens if you reset iis and then try it?

what happens when you run 'fix my network'
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780655
Hi Works2011

Thanks for the help.

I have running iisreset, restated the exchange transport service and run fix my network - all to no avail - it's made no difference at all.

Andy
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780660
S
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780664
We have today installed a New SSL Certificate onto our clients SBS2011 server.
is it self signed, if so you need to copy from the public folder and install manually.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780669
this article shows it's location, click here
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780694
Thanks Works2011

No this is a renewal from GoDaddy. I have downloaded it from my godaddy control panel and installed it with the SBS wizard from the main sbs console.

Andy
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780723
Start / Administrative Tools / IIS Manager / server name / window on the right under IIS / double click Server Certificates and delete the old cert if there.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780725
then reset IIS and test
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780745
Thought I recognised the location - already did that earlier and have reset IIS.

Still no joy :(
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 39780771
Run the following commands from PowerShell (in bold) basically you're locating the cert currently used by it's thumbprint and replacing with the new cert.

Get-ExchangeCertificate -domain "domainname" | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {computername, computername.domain.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=computername
NotAfter           : 2/16/2011 11:34:03 PM
NotBefore          : 2/16/2010 11:34:03 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 444FEF2E6F75B8864B86866DE2792FC2
Services           : IMAP, POP, IIS, SMTP
Status             : DateInvalid
Subject            : CN=computername
Thumbprint         : 2FB28F5075EFE9B30A8F8458DED0A19628D71F52



[PS] C:\Windows\System32>Get-ExchangeCertificate -thumbprint "2FB28F7055EFE9B30A
8F8458DED0A19628D71F52" | New-ExchangeCertificate

Confirm
Overwrite existing default SMTP certificate,
'2FB28F5075EFE9B30A8F8458DED0A19628D71F52' (expires 2/16/2011 11:34:03 PM),
with certificate 'FB5AECA6B39816F02B3245BD1D95394A573E1F02' (expires 2/22/2012
8:29:16 AM)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y

Thumbprint                                Services   Subject
----------                                --------   -------
FB5AECA6B39816F02B3245BD1D95394A573E1F02  .....      CN=computername


[PS] C:\Windows\System32>Enable-ExchangeCertificate -thumbprint "FB5AECA6B39816F
02B3245BD1D95394A573E1F02" -services IIS
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780798
Hi Works2011

Thanks for that detaiiled answer.

I am going to do that tomorrow when I have better access to my clients server.

Can I please come back to you tomorrow with an update.

Thank you
Regards
Andy
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780807
Sure, let me know what you find out.
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39781686
Spot on Works 2011 - Thanks for your help.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now