Solved

SBS2011 Remote Web Access - win7 laptop getting certificate error

Posted on 2014-07-22
8
398 Views
Last Modified: 2014-07-23
sbs 2011   trying to access the remote web access with a new latop (setting up). Laptop has Win 7 pro using IE 11, I type this in the url

https://mail.<domainname>.mail/remote   I logged in suddenly got the 404 error.....clicked on compatibility mode and everything is ok.....but I need to install the certificate package. I do so. Now I can not log in at all.  I get this error immediately upon executing the url address.
certificate-error.jpg
0
Comment
Question by:Joemt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40213326
Can you try with other browser and see if the problem continues?
As a quick update, in my case, this appears to be due to the insistence on certificates with 1024-bit key length.
I used the info in Update for minimum certificate key length to bypass this.

Specifically, I needed to do
certutil -setreg chain\minRSAPubKeyBitLength 512

From an admin command prompt.

But I advise you to check the link.

I hope this helps you or put you in the good way.

Regards
0
 

Author Comment

by:Joemt
ID: 40213369
I rolled back the laptop and could once again log in......but only to the point where I need to install the certificate package.  The problem is the certificate in the certificate install package. The certificates were renewed.

Mozilla didn't work either.

How do I get the "certificate install package to update"
certificate-error-issue.jpg
0
 
LVL 5

Expert Comment

by:Adam Ray
ID: 40213425
It's not exactly a solution to your question about updating the cert install package... But my two approaches:

Get a basic 3rd party certificate. They are pretty cheap now if you just getting it for the warnings on the SBS site to go away. (Especially if you one of the discounts/coupon codes for GoDaddy that are regularly available.

Or, install the certificate on the laptop manually:
Click the start button, type iexplore in the search box, press ctrl+shift+enter. (Launces Internet Explorer as administrator.)
Browse to your website (in HTTPS). Click Continue to this Website.
Click "Certificate Error" on the right hand edge of the address bar, then click View Certificates.
Click Install Certificate --> Select the Local Machine Cert Store, Next.
"Place in the following store" --> Browse --> "Trusted Root Certification Authorities
Next/Okay/Finish/etc until the wizard is done and you can close all dialogue boxes.
Exit Internet Explorer (you're still running as admin.) Reopen normally and test/use.

(Once you've done it a time or two, installing the certificate this way is much easier/simpler/faster than these instructions make it sound. I even prefer it to using certificate install package, especially since I never seem to have the installer handy.)
0
Windows running painfully slow? Try these tips..

Stay away from Speed Up Computer Programs that do more harm than good.
Try these tips instead.
Step by step instructions in trouble shooting Windows Performance issues.

 
LVL 4

Expert Comment

by:Vlastimil Sopuch
ID: 40213427
Is the certificate you renewed and then imported a root certificate?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 40213572
Hello,

You can install the certificate from the Web Access by going to the following shared folder:

Public > Public Downloads

Download the 'Installer Certificate Package.zip' Extract the files and run the InstallCertificate installer which will install the certificate for you.  Then close the web browser and re-open.

You can install the certificate manually as well by double clicking the SBSCertificate.cer file, click install, select 'place all certificates in the following store' and placing it into the Trusted Root Certificate Authorities folder.

This will install the certificate on the client PC.
0
 

Author Comment

by:Joemt
ID: 40215607
Ok I have it fixed!!!    

The certificate in the install package in the public folder was the wrong one. The certificates renewed lately and I'm not sure why it's wrong.

But I had the correct certificate on my desktop, exported the certificate to a .cer file and installed the certificate on the new laptop and it worked fine.

I then installed that certificate in the public folder and re-zipped the install package with the new certificate.

This is the info I used Paragraph 3:
_______________________________________________________________________________________
SBS 2011 self signed certificate not updating in SBS console after renewal
The self signed certificate on a SBS 2011 server was expiring, so I ran the Fix My Network wizard and renewed.
This updated the certificate when you go to the OWA web page, however in SBS Console under network > connectivity > view certificate properties the date had not changed.

To create a new Certificate installation Package, I deleted the old one > ran the Fix My Network wizard > created a new package.  This had a different date again.
To get the certificate in the SBS console to match the OWA certificate > I ran the Add a trusted certificate wizard > select I want to use a certificate that is already installed on the server > selected the newly created self-issued certificate.  Now if I View Certificate Properties in the SBS console it matches the OWA certificate.

To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file.
0
 

Author Closing Comment

by:Joemt
ID: 40215618
Was helpful in putting all the pieces together
0
 

Author Comment

by:Joemt
ID: 40215619
I meant to do a multiple solution here and I guess I screwed that up. Sorry.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question