Solved

SBS 2011 Renew Self Signed Certificate - Update Installer Package

Posted on 2014-09-05
4
1,342 Views
Last Modified: 2014-09-05
I have an SBS 2011 Site where I was getting the Warning "Leaf certificate expiring"

Site is running the standard SBS Self signed certificate

I ran the "Fix Network" from console and the Certificate renewed Fine. Then I ran the Installed Trusted Certificate wizard and selected the new cert because SBS does not update the console as per

http://www.itsupportkb.com/sbs2011/sbs-2011-self-signed-certificate-not-updating-in-sbs-console-after-renewal

Question is how do I update the "Install Certificate Package" all my research show me having to do this manually via IE;

"To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file."

This is a real pain how do I just update the package to include the new cert ??? as it was originally.
0
Comment
Question by:it-pro
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40307063
You don't have to. The package installs the root certificate onto a client machine, not the leaf, and the root has a longer time before expiring. That was by design. Since the root signs the leaf, renewing the leaf (as you did) does not require redeploying a package as the root will still be trusted so the new leaf is inherently trusted as well.
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40307064
Basically the link is unnecessary and shows a fundamental misunderstanding of the root/leaf system that most certificates use and how SBS implemented it to make admin of SBS easier.
0
 
LVL 2

Author Comment

by:it-pro
ID: 40307066
Thanks - just also found this that confirms what you saying.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27470682.html

So If I had a new Non Domain PC, I would just run the old dated Installer, and that would work right.?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40307068
Correct.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question