  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1357

SBS 2011 Remote Web Access Certificate Problems

Hello,

We have a Windows SBS 2011 server with Remote Web Access enabled. However, when a user tries to remote into their machine, they are prompted with this message:

"This computer can't verify the identity of the RD Gateway "mail.domain.com". It's not safe to connect to servers that can't be identified. Contact your network administrator for assistance."

When you view the certificate, there is no option to install it. Upon doing research I found a way that users can actually download and install the certificate themselves by following these directions:
http://blogs.technet.com/b/sbs/archive/2011/04/19/how-to-obtain-the-certificate-distribution-package-in-sbs-2011-standard-through-remote-web-access.aspx - But that is a lot of work for an end user, especially a non-tech-savvy user.

Is there a way for me to install this certificate on the server itself so that users aren't required to go download the certificate to their computers locally? This article is the only one that I found in regards to my question but it doesn't seem clear: http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx

Any input would be appreciated.

Thanks!
Asked by: bsidfw
 
becraig Commented:
Is this a self-signed certificate or one issued by a trusted provider?
0
 
bsidfw (Author) Commented:
Self signed.
0
 
becraig Commented:
OK, so unless your users are all domain users this will persist unless the users individually install your certificate into the trusted root store.

Is this a domain-based scenario?
If so, we can use a GPO to push out the certificate and eliminate the problem.
0
 
bsidfw (Author) Commented:
They are all domain users, but they are accessing their domain machines remotely from their own personal laptops and computers, which are not domain machines from home... So they will need to install the certificate locally on their personal machines?
0
 
becraig Commented:
If you want them to be able to trust the certificate they will have to.

You can simply create a batch file with the public key portion of the cert and distribute to all users to install.
0
 
bsidfw (Author) Commented:
That basically accomplishes the same thing as this, right?
http://blogs.technet.com/b/sbs/archive/2011/04/19/how-to-obtain-the-certificate-distribution-package-in-sbs-2011-standard-through-remote-web-access.aspx

I just wasn't sure if there was a way to get third-party, non-domain computers to trust the certificate for their server automatically without requiring the user to install the certificate themselves. I will probably just send that link out to the users if that is the case.

Thank you for your help.
0
 
David Atkin (IT Professional) Commented:
The easiest thing for you to do here is email them the Certificate Distribution Package for them to install. It can be found here on the server:
\\SERVERNAME\Public\Downloads

Email the Install Certificate Package.zip to them and get them to run the InstallCertificate Application which will install the cert for them.

If it is a big network I would think about purchasing and implementing a third-party trusted certificate. Doing so will mean that the remote users won't have to install a cert.

There isn't a way for you to install the self certificate without the users' input, unless you want to remote onto the machines yourself and install it for them.
0
 
becraig Commented:
Yup, that will accomplish the same thing as suggested.

The overall issue is the local computer certificate store has already been told which certificates to trust, so in order to trust your certificate they will have to install to the local store.

Happy to help
0
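
One way to script the manual install discussed in this thread for non-domain home PCs, as an added example that is not part of the thread or of the SBS Certificate Distribution Package. It checks the emailed certificate against a thumbprint before adding it to the Trusted Root store; the file name and thumbprint are placeholders, and the thumbprint is assumed to reach users through a separate channel from the file.

```powershell
# Added example (not from the thread). Verifies a distributed root certificate
# against a thumbprint obtained out of band, then adds it to the Root store.
param(
    [string]$CertPath = '.\sbs-root.cer',                    # assumed file name
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-ADMIN>', # placeholder
    [ValidateSet('CurrentUser', 'LocalMachine')]
    [string]$StoreLocation = 'CurrentUser'                   # LocalMachine needs elevation
)
$ErrorActionPreference = 'Stop'

# Normalise the expected value: it is often copied with spaces or stray characters.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($expected.Length -ne 40) {
    throw 'ExpectedThumbprint must be the 40-hex-digit SHA-1 thumbprint.'
}

$path = (Resolve-Path $CertPath).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# A distribution file should carry the public certificate only.
if ($cert.HasPrivateKey) {
    throw 'File contains a private key; distribute the .cer export instead.'
}
# Refuse anything that is not the certificate the administrator described.
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not installing."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', $StoreLocation)
$store.Open('ReadWrite')
try {
    # Skip the add when this exact certificate is already trusted.
    $present = $store.Certificates.Find('FindByThumbprint', $expected, $false)
    if ($present.Count -gt 0) {
        Write-Output "Already trusted in $StoreLocation\Root: $($cert.Subject)"
    } else {
        $store.Add($cert)
        Write-Output "Added to $StoreLocation\Root: $($cert.Subject)"
    }
} finally {
    $store.Close()
}
```

A root certificate added this way is trusted for every site it signs on that PC, which is why the script refuses to install a file whose thumbprint does not match.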
