Solved

SBS2011 Remote Web Access - win7 laptop getting certificate error

Posted on 2014-07-22
8
403 Views
Last Modified: 2014-07-23
sbs 2011   trying to access the remote web access with a new latop (setting up). Laptop has Win 7 pro using IE 11, I type this in the url

https://mail.<domainname>.mail/remote   I logged in suddenly got the 404 error.....clicked on compatibility mode and everything is ok.....but I need to install the certificate package. I do so. Now I can not log in at all.  I get this error immediately upon executing the url address.
certificate-error.jpg
0
Comment
Question by:Joemt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40213326
Can you try with other browser and see if the problem continues?
As a quick update, in my case, this appears to be due to the insistence on certificates with 1024-bit key length.
I used the info in Update for minimum certificate key length to bypass this.

Specifically, I needed to do
certutil -setreg chain\minRSAPubKeyBitLength 512

From an admin command prompt.

But I advise you to check the link.

I hope this helps you or put you in the good way.

Regards
0
 

Author Comment

by:Joemt
ID: 40213369
I rolled back the laptop and could once again log in......but only to the point where I need to install the certificate package.  The problem is the certificate in the certificate install package. The certificates were renewed.

Mozilla didn't work either.

How do I get the "certificate install package to update"
certificate-error-issue.jpg
0
 
LVL 5

Expert Comment

by:Adam Ray
ID: 40213425
It's not exactly a solution to your question about updating the cert install package... But my two approaches:

Get a basic 3rd party certificate. They are pretty cheap now if you just getting it for the warnings on the SBS site to go away. (Especially if you one of the discounts/coupon codes for GoDaddy that are regularly available.

Or, install the certificate on the laptop manually:
Click the start button, type iexplore in the search box, press ctrl+shift+enter. (Launces Internet Explorer as administrator.)
Browse to your website (in HTTPS). Click Continue to this Website.
Click "Certificate Error" on the right hand edge of the address bar, then click View Certificates.
Click Install Certificate --> Select the Local Machine Cert Store, Next.
"Place in the following store" --> Browse --> "Trusted Root Certification Authorities
Next/Okay/Finish/etc until the wizard is done and you can close all dialogue boxes.
Exit Internet Explorer (you're still running as admin.) Reopen normally and test/use.

(Once you've done it a time or two, installing the certificate this way is much easier/simpler/faster than these instructions make it sound. I even prefer it to using certificate install package, especially since I never seem to have the installer handy.)
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 4

Expert Comment

by:Vlastimil Sopuch
ID: 40213427
Is the certificate you renewed and then imported a root certificate?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 40213572
Hello,

You can install the certificate from the Web Access by going to the following shared folder:

Public > Public Downloads

Download the 'Installer Certificate Package.zip' Extract the files and run the InstallCertificate installer which will install the certificate for you.  Then close the web browser and re-open.

You can install the certificate manually as well by double clicking the SBSCertificate.cer file, click install, select 'place all certificates in the following store' and placing it into the Trusted Root Certificate Authorities folder.

This will install the certificate on the client PC.
0
 

Author Comment

by:Joemt
ID: 40215607
Ok I have it fixed!!!    

The certificate in the install package in the public folder was the wrong one. The certificates renewed lately and I'm not sure why it's wrong.

But I had the correct certificate on my desktop, exported the certificate to a .cer file and installed the certificate on the new laptop and it worked fine.

I then installed that certificate in the public folder and re-zipped the install package with the new certificate.

This is the info I used Paragraph 3:
_______________________________________________________________________________________
SBS 2011 self signed certificate not updating in SBS console after renewal
The self signed certificate on a SBS 2011 server was expiring, so I ran the Fix My Network wizard and renewed.
This updated the certificate when you go to the OWA web page, however in SBS Console under network > connectivity > view certificate properties the date had not changed.

To create a new Certificate installation Package, I deleted the old one > ran the Fix My Network wizard > created a new package.  This had a different date again.
To get the certificate in the SBS console to match the OWA certificate > I ran the Add a trusted certificate wizard > select I want to use a certificate that is already installed on the server > selected the newly created self-issued certificate.  Now if I View Certificate Properties in the SBS console it matches the OWA certificate.

To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file.
0
 

Author Closing Comment

by:Joemt
ID: 40215618
Was helpful in putting all the pieces together
0
 

Author Comment

by:Joemt
ID: 40215619
I meant to do a multiple solution here and I guess I screwed that up. Sorry.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question