Solved

SBS 2011 Renew Self Signed Certificate - Update Installer Package

Posted on 2014-09-05
4
1,132 Views
Last Modified: 2014-09-05
I have an SBS 2011 Site where I was getting the Warning "Leaf certificate expiring"

Site is running the standard SBS Self signed certificate

I ran the "Fix Network" from console and the Certificate renewed Fine. Then I ran the Installed Trusted Certificate wizard and selected the new cert because SBS does not update the console as per

http://www.itsupportkb.com/sbs2011/sbs-2011-self-signed-certificate-not-updating-in-sbs-console-after-renewal

Question is how do I update the "Install Certificate Package" all my research show me having to do this manually via IE;

"To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file."

This is a real pain how do I just update the package to include the new cert ??? as it was originally.
0
Comment
Question by:it-pro
  • 3
4 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40307063
You don't have to. The package installs the root certificate onto a client machine, not the leaf, and the root has a longer time before expiring. That was by design. Since the root signs the leaf, renewing the leaf (as you did) does not require redeploying a package as the root will still be trusted so the new leaf is inherently trusted as well.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40307064
Basically the link is unnecessary and shows a fundamental misunderstanding of the root/leaf system that most certificates use and how SBS implemented it to make admin of SBS easier.
0
 
LVL 2

Author Comment

by:it-pro
ID: 40307066
Thanks - just also found this that confirms what you saying.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27470682.html

So If I had a new Non Domain PC, I would just run the old dated Installer, and that would work right.?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40307068
Correct.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now