Solved

SBS2011 not using New SSL Certificate from GoDaddy

Posted on 2014-01-14
14
406 Views
Last Modified: 2014-01-15
HI All.

We have today installed a New SSL Certificate onto our clients SBS2011 server.

We have used the SBS2011 Wizard found on the 'Network' - 'Connectivity' section and the wizard completed successfully however when we remote connect (From different PC's) the Padlock shows its using the old certificate (Based on the expiry date)

Does anyone know why please and how we resolve this issue.

Thank you
Regards
Andy
0
Comment
Question by:AndyKeen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
14 Comments
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780016
Allow me to add to the above post.

Internally the certificate is used - i.e. if I go to remote.xxx.xo.uk/remote using i.e. on the server then the certificate used is the new one based on the certificate expiry date.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780580
what happens if you reset iis and then try it?

what happens when you run 'fix my network'
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780655
Hi Works2011

Thanks for the help.

I have running iisreset, restated the exchange transport service and run fix my network - all to no avail - it's made no difference at all.

Andy
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 1

Author Comment

by:AndyKeen
ID: 39780660
S
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780664
We have today installed a New SSL Certificate onto our clients SBS2011 server.
is it self signed, if so you need to copy from the public folder and install manually.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780669
this article shows it's location, click here
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780694
Thanks Works2011

No this is a renewal from GoDaddy. I have downloaded it from my godaddy control panel and installed it with the SBS wizard from the main sbs console.

Andy
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780723
Start / Administrative Tools / IIS Manager / server name / window on the right under IIS / double click Server Certificates and delete the old cert if there.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780725
then reset IIS and test
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780745
Thought I recognised the location - already did that earlier and have reset IIS.

Still no joy :(
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 39780771
Run the following commands from PowerShell (in bold) basically you're locating the cert currently used by it's thumbprint and replacing with the new cert.

Get-ExchangeCertificate -domain "domainname" | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {computername, computername.domain.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=computername
NotAfter           : 2/16/2011 11:34:03 PM
NotBefore          : 2/16/2010 11:34:03 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 444FEF2E6F75B8864B86866DE2792FC2
Services           : IMAP, POP, IIS, SMTP
Status             : DateInvalid
Subject            : CN=computername
Thumbprint         : 2FB28F5075EFE9B30A8F8458DED0A19628D71F52



[PS] C:\Windows\System32>Get-ExchangeCertificate -thumbprint "2FB28F7055EFE9B30A
8F8458DED0A19628D71F52" | New-ExchangeCertificate

Confirm
Overwrite existing default SMTP certificate,
'2FB28F5075EFE9B30A8F8458DED0A19628D71F52' (expires 2/16/2011 11:34:03 PM),
with certificate 'FB5AECA6B39816F02B3245BD1D95394A573E1F02' (expires 2/22/2012
8:29:16 AM)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y

Thumbprint                                Services   Subject
----------                                --------   -------
FB5AECA6B39816F02B3245BD1D95394A573E1F02  .....      CN=computername


[PS] C:\Windows\System32>Enable-ExchangeCertificate -thumbprint "FB5AECA6B39816F
02B3245BD1D95394A573E1F02" -services IIS
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39780798
Hi Works2011

Thanks for that detaiiled answer.

I am going to do that tomorrow when I have better access to my clients server.

Can I please come back to you tomorrow with an update.

Thank you
Regards
Andy
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 39780807
Sure, let me know what you find out.
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39781686
Spot on Works 2011 - Thanks for your help.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question