Solved

Self Signed certificate problem

Posted on 2014-07-18
4
230 Views
Last Modified: 2014-07-18
This is SBS 2008. Our self-signed certificate expired yesterday. I have used the 'Set up your internet address' wizard in the SBS console. I can see the new certificate is there, and it expires in July 2016.

My problem is that the client pc's dont seem to trust it. When anyone opens Outlook they get a certificate error stating that the certificate was issued by a company we have not chosen to trust.  When I look at the certificate, it is issued to remote.myexternaldomain.com and it is Issued by internaldomain-server-CA I've checked the expired certificate and it has the same information. So how do I fix this?
0
Comment
Question by:TownTalk
  • 2
  • 2
4 Comments
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 40204032
Install the new certificate onto every machine you have or buy a trusted 3rd party SSL certificate for $60 a year and then it will automatically be trusted and you don't have to install anything on any machine other than the server.
0
 

Author Comment

by:TownTalk
ID: 40204034
But the self-signed should be trusted shouldn't it? I didn't have this problem when I re-issued the certificate 2 years ago.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40204048
When the clients join the domain, the certificate gets installed onto their PC so it therefore trusts the server because it has the certificate installed.

Now it doesn't have the new certificate installed, so it doesn't trust the server.

Not sure what you did 2 years ago, but that's what you need to do.

Alan
0
 

Author Closing Comment

by:TownTalk
ID: 40204153
Ah yes I understand now. Most of the machines are less than 2 years old, so they would have got the certificate when they were joined to the domain.  I've been around and installed the certificate, and I found that the problem wasn't occurring on the machines which are older than 2 years. So for whatever reason, they trust the certificate. I'm curious as to why this is the case, but my problem is fixed. So thanks guys for your input.

Ian
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain Controller Diagnostic Errors on SBS 2008 3 59
IIS 7.5 to 8.0 6 121
Move for SBS 2011 to Office 365 3 65
Multiple Open Excel Spreadsheets 12 60
Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question