Solved

SBS 2011 Renew Self Signed Certificate - Update Installer Package

Posted on 2014-09-05
4
1,215 Views
Last Modified: 2014-09-05
I have an SBS 2011 Site where I was getting the Warning "Leaf certificate expiring"

Site is running the standard SBS Self signed certificate

I ran the "Fix Network" from console and the Certificate renewed Fine. Then I ran the Installed Trusted Certificate wizard and selected the new cert because SBS does not update the console as per

http://www.itsupportkb.com/sbs2011/sbs-2011-self-signed-certificate-not-updating-in-sbs-console-after-renewal

Question is how do I update the "Install Certificate Package" all my research show me having to do this manually via IE;

"To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file."

This is a real pain how do I just update the package to include the new cert ??? as it was originally.
0
Comment
Question by:it-pro
  • 3
4 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40307063
You don't have to. The package installs the root certificate onto a client machine, not the leaf, and the root has a longer time before expiring. That was by design. Since the root signs the leaf, renewing the leaf (as you did) does not require redeploying a package as the root will still be trusted so the new leaf is inherently trusted as well.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40307064
Basically the link is unnecessary and shows a fundamental misunderstanding of the root/leaf system that most certificates use and how SBS implemented it to make admin of SBS easier.
0
 
LVL 2

Author Comment

by:it-pro
ID: 40307066
Thanks - just also found this that confirms what you saying.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27470682.html

So If I had a new Non Domain PC, I would just run the old dated Installer, and that would work right.?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40307068
Correct.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now