?
Solved

SBS2011 Remote Web Access - win7 laptop getting certificate error

Posted on 2014-07-22
8
Medium Priority
?
412 Views
Last Modified: 2014-07-23
sbs 2011   trying to access the remote web access with a new latop (setting up). Laptop has Win 7 pro using IE 11, I type this in the url

https://mail.<domainname>.mail/remote   I logged in suddenly got the 404 error.....clicked on compatibility mode and everything is ok.....but I need to install the certificate package. I do so. Now I can not log in at all.  I get this error immediately upon executing the url address.
certificate-error.jpg
0
Comment
Question by:Joemt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40213326
Can you try with other browser and see if the problem continues?
As a quick update, in my case, this appears to be due to the insistence on certificates with 1024-bit key length.
I used the info in Update for minimum certificate key length to bypass this.

Specifically, I needed to do
certutil -setreg chain\minRSAPubKeyBitLength 512

From an admin command prompt.

But I advise you to check the link.

I hope this helps you or put you in the good way.

Regards
0
 

Author Comment

by:Joemt
ID: 40213369
I rolled back the laptop and could once again log in......but only to the point where I need to install the certificate package.  The problem is the certificate in the certificate install package. The certificates were renewed.

Mozilla didn't work either.

How do I get the "certificate install package to update"
certificate-error-issue.jpg
0
 
LVL 5

Expert Comment

by:Adam Ray
ID: 40213425
It's not exactly a solution to your question about updating the cert install package... But my two approaches:

Get a basic 3rd party certificate. They are pretty cheap now if you just getting it for the warnings on the SBS site to go away. (Especially if you one of the discounts/coupon codes for GoDaddy that are regularly available.

Or, install the certificate on the laptop manually:
Click the start button, type iexplore in the search box, press ctrl+shift+enter. (Launces Internet Explorer as administrator.)
Browse to your website (in HTTPS). Click Continue to this Website.
Click "Certificate Error" on the right hand edge of the address bar, then click View Certificates.
Click Install Certificate --> Select the Local Machine Cert Store, Next.
"Place in the following store" --> Browse --> "Trusted Root Certification Authorities
Next/Okay/Finish/etc until the wizard is done and you can close all dialogue boxes.
Exit Internet Explorer (you're still running as admin.) Reopen normally and test/use.

(Once you've done it a time or two, installing the certificate this way is much easier/simpler/faster than these instructions make it sound. I even prefer it to using certificate install package, especially since I never seem to have the installer handy.)
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 4

Expert Comment

by:Vlastimil Sopuch
ID: 40213427
Is the certificate you renewed and then imported a root certificate?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 1500 total points
ID: 40213572
Hello,

You can install the certificate from the Web Access by going to the following shared folder:

Public > Public Downloads

Download the 'Installer Certificate Package.zip' Extract the files and run the InstallCertificate installer which will install the certificate for you.  Then close the web browser and re-open.

You can install the certificate manually as well by double clicking the SBSCertificate.cer file, click install, select 'place all certificates in the following store' and placing it into the Trusted Root Certificate Authorities folder.

This will install the certificate on the client PC.
0
 

Author Comment

by:Joemt
ID: 40215607
Ok I have it fixed!!!    

The certificate in the install package in the public folder was the wrong one. The certificates renewed lately and I'm not sure why it's wrong.

But I had the correct certificate on my desktop, exported the certificate to a .cer file and installed the certificate on the new laptop and it worked fine.

I then installed that certificate in the public folder and re-zipped the install package with the new certificate.

This is the info I used Paragraph 3:
_______________________________________________________________________________________
SBS 2011 self signed certificate not updating in SBS console after renewal
The self signed certificate on a SBS 2011 server was expiring, so I ran the Fix My Network wizard and renewed.
This updated the certificate when you go to the OWA web page, however in SBS Console under network > connectivity > view certificate properties the date had not changed.

To create a new Certificate installation Package, I deleted the old one > ran the Fix My Network wizard > created a new package.  This had a different date again.
To get the certificate in the SBS console to match the OWA certificate > I ran the Add a trusted certificate wizard > select I want to use a certificate that is already installed on the server > selected the newly created self-issued certificate.  Now if I View Certificate Properties in the SBS console it matches the OWA certificate.

To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file.
0
 

Author Closing Comment

by:Joemt
ID: 40215618
Was helpful in putting all the pieces together
0
 

Author Comment

by:Joemt
ID: 40215619
I meant to do a multiple solution here and I guess I screwed that up. Sorry.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question