SSL for my new SBS2011

Posted on 2014-08-18
Medium Priority
Last Modified: 2014-08-18
I have a new SBS2011 setup and I want to Add a trusted Certificate for my users to use for their RWW.
I'm using the task pad in Windows Small Business Server 2011 Standard Console

When I select "Add a trusted certificate"
I use "I want to buy a certificate from a certificate provider"

This wizard automatically fills in the following information
I’m going to use organization name abc123.org as an example:

"Verify the information for your trusted certificate"
Issued To:

Abc123 Organization




Why does it add remote. prefix?
does this mean my user will use https://remote.abc123.org tp log in?

If I change it to
Issued To:
abc123.org  (instead of remote.abc123.org)

what wil my users browse to?
https://abc123.org/remote ?
Question by:jsarinana
LVL 60

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 40269073
When you run the internet address wizard and select the name, that wizard adds 'remote.' to the beginning by default. You sre given the option to change it in the wizard.

The certificate wizard simply reads the setting used in the internet address wizard. If you change the name jn the certificate wizard, you *will* break things. The internet address wizard has already configured IIS and Exchange to use remote.* so you'd have a name mismatch.

As far as why that is a default , most people want abc123.com to go to their public website as shortened version of www.abc123.com. There is no good way to have abc123.com point to a public web host *and* have abc123.com/remote point to a different server, since both key off the DNS record for abc123.com. Using remote.abc123.com allows for a different distinct DNS record so the usage can be cleanly separated.

Now as a reminder, the remote.* is just a default. You can rerun the internet address wizard and change the default. But you cannot have abc123.com point to one server and abc123.com/remote point to another. That is a limitation of DNS and is bot unique to windows or SBS.

You could set up a redirect on your public website (if you have one) that tells a browser visiting abc123.com/remote to redirect to remote.ahc123.com, and some folks do this. But for that scenario, your remote site is still technical remote.abc123.com so you wouldn't rerun the internet address wizard and you *would* want the certificate name to be remote.abc123.com since that is what the browser will eventually get redirected to.

Author Closing Comment

ID: 40269118
Thanks Cliff
got it

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question