[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1861
  • Last Modified:

SBS 2011 Renew Self Signed Certificate - Update Installer Package

I have an SBS 2011 Site where I was getting the Warning "Leaf certificate expiring"

Site is running the standard SBS Self signed certificate

I ran the "Fix Network" from console and the Certificate renewed Fine. Then I ran the Installed Trusted Certificate wizard and selected the new cert because SBS does not update the console as per

http://www.itsupportkb.com/sbs2011/sbs-2011-self-signed-certificate-not-updating-in-sbs-console-after-renewal

Question is how do I update the "Install Certificate Package" all my research show me having to do this manually via IE;

"To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file."

This is a real pain how do I just update the package to include the new cert ??? as it was originally.
0
it-pro
Asked:
it-pro
  • 3
1 Solution
 
Cliff GaliherCommented:
You don't have to. The package installs the root certificate onto a client machine, not the leaf, and the root has a longer time before expiring. That was by design. Since the root signs the leaf, renewing the leaf (as you did) does not require redeploying a package as the root will still be trusted so the new leaf is inherently trusted as well.
0
 
Cliff GaliherCommented:
Basically the link is unnecessary and shows a fundamental misunderstanding of the root/leaf system that most certificates use and how SBS implemented it to make admin of SBS easier.
0
 
it-proAuthor Commented:
Thanks - just also found this that confirms what you saying.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27470682.html

So If I had a new Non Domain PC, I would just run the old dated Installer, and that would work right.?
0
 
Cliff GaliherCommented:
Correct.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now