Solved

SBS2011 Remote Web Access - win7 laptop getting certificate error

Posted on 2014-07-22
8
382 Views
Last Modified: 2014-07-23
sbs 2011   trying to access the remote web access with a new latop (setting up). Laptop has Win 7 pro using IE 11, I type this in the url

https://mail.<domainname>.mail/remote   I logged in suddenly got the 404 error.....clicked on compatibility mode and everything is ok.....but I need to install the certificate package. I do so. Now I can not log in at all.  I get this error immediately upon executing the url address.
certificate-error.jpg
0
Comment
Question by:Joemt
8 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Can you try with other browser and see if the problem continues?
As a quick update, in my case, this appears to be due to the insistence on certificates with 1024-bit key length.
I used the info in Update for minimum certificate key length to bypass this.

Specifically, I needed to do
certutil -setreg chain\minRSAPubKeyBitLength 512

From an admin command prompt.

But I advise you to check the link.

I hope this helps you or put you in the good way.

Regards
0
 

Author Comment

by:Joemt
Comment Utility
I rolled back the laptop and could once again log in......but only to the point where I need to install the certificate package.  The problem is the certificate in the certificate install package. The certificates were renewed.

Mozilla didn't work either.

How do I get the "certificate install package to update"
certificate-error-issue.jpg
0
 
LVL 5

Expert Comment

by:Adam Ray
Comment Utility
It's not exactly a solution to your question about updating the cert install package... But my two approaches:

Get a basic 3rd party certificate. They are pretty cheap now if you just getting it for the warnings on the SBS site to go away. (Especially if you one of the discounts/coupon codes for GoDaddy that are regularly available.

Or, install the certificate on the laptop manually:
Click the start button, type iexplore in the search box, press ctrl+shift+enter. (Launces Internet Explorer as administrator.)
Browse to your website (in HTTPS). Click Continue to this Website.
Click "Certificate Error" on the right hand edge of the address bar, then click View Certificates.
Click Install Certificate --> Select the Local Machine Cert Store, Next.
"Place in the following store" --> Browse --> "Trusted Root Certification Authorities
Next/Okay/Finish/etc until the wizard is done and you can close all dialogue boxes.
Exit Internet Explorer (you're still running as admin.) Reopen normally and test/use.

(Once you've done it a time or two, installing the certificate this way is much easier/simpler/faster than these instructions make it sound. I even prefer it to using certificate install package, especially since I never seem to have the installer handy.)
0
 
LVL 4

Expert Comment

by:Vlastimil Sopuch
Comment Utility
Is the certificate you renewed and then imported a root certificate?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
Comment Utility
Hello,

You can install the certificate from the Web Access by going to the following shared folder:

Public > Public Downloads

Download the 'Installer Certificate Package.zip' Extract the files and run the InstallCertificate installer which will install the certificate for you.  Then close the web browser and re-open.

You can install the certificate manually as well by double clicking the SBSCertificate.cer file, click install, select 'place all certificates in the following store' and placing it into the Trusted Root Certificate Authorities folder.

This will install the certificate on the client PC.
0
 

Author Comment

by:Joemt
Comment Utility
Ok I have it fixed!!!    

The certificate in the install package in the public folder was the wrong one. The certificates renewed lately and I'm not sure why it's wrong.

But I had the correct certificate on my desktop, exported the certificate to a .cer file and installed the certificate on the new laptop and it worked fine.

I then installed that certificate in the public folder and re-zipped the install package with the new certificate.

This is the info I used Paragraph 3:
_______________________________________________________________________________________
SBS 2011 self signed certificate not updating in SBS console after renewal
The self signed certificate on a SBS 2011 server was expiring, so I ran the Fix My Network wizard and renewed.
This updated the certificate when you go to the OWA web page, however in SBS Console under network > connectivity > view certificate properties the date had not changed.

To create a new Certificate installation Package, I deleted the old one > ran the Fix My Network wizard > created a new package.  This had a different date again.
To get the certificate in the SBS console to match the OWA certificate > I ran the Add a trusted certificate wizard > select I want to use a certificate that is already installed on the server > selected the newly created self-issued certificate.  Now if I View Certificate Properties in the SBS console it matches the OWA certificate.

To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file.
0
 

Author Closing Comment

by:Joemt
Comment Utility
Was helpful in putting all the pieces together
0
 

Author Comment

by:Joemt
Comment Utility
I meant to do a multiple solution here and I guess I screwed that up. Sorry.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now