Solved

SBS 2011 Renew Self Signed Certificate - Update Installer Package

Posted on 2014-09-05
4
1,272 Views
Last Modified: 2014-09-05
I have an SBS 2011 Site where I was getting the Warning "Leaf certificate expiring"

Site is running the standard SBS Self signed certificate

I ran the "Fix Network" from console and the Certificate renewed Fine. Then I ran the Installed Trusted Certificate wizard and selected the new cert because SBS does not update the console as per

http://www.itsupportkb.com/sbs2011/sbs-2011-self-signed-certificate-not-updating-in-sbs-console-after-renewal

Question is how do I update the "Install Certificate Package" all my research show me having to do this manually via IE;

"To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file."

This is a real pain how do I just update the package to include the new cert ??? as it was originally.
0
Comment
Question by:it-pro
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40307063
You don't have to. The package installs the root certificate onto a client machine, not the leaf, and the root has a longer time before expiring. That was by design. Since the root signs the leaf, renewing the leaf (as you did) does not require redeploying a package as the root will still be trusted so the new leaf is inherently trusted as well.
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40307064
Basically the link is unnecessary and shows a fundamental misunderstanding of the root/leaf system that most certificates use and how SBS implemented it to make admin of SBS easier.
0
 
LVL 2

Author Comment

by:it-pro
ID: 40307066
Thanks - just also found this that confirms what you saying.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27470682.html

So If I had a new Non Domain PC, I would just run the old dated Installer, and that would work right.?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40307068
Correct.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question