Joemt
asked on
SBS2011 Fix my Network created a new certificate - did not update the certificate distribution package - IS it possible to export certificate from EMC to a cer format
The SBS2011 server had a certificate break, so "Fix my network" reported the problem and fixed it by making two new certificates. The certificate distribution package in the public\download directory is not longer valid.
Problem: Client access remotely with the https://mail.<domainname>.com/remote now get the RD gateway error - both win 7 and 8. (old certificate has been removed from the browsers.
In the past, I have always rebuilt the certificate package by hand.
I can see the certificate in EMC, How can I get that new certificate exported to a .cer so I can then import it into the workstations. I've never been able to get the distribution package to update. I just want to make sure that whatever I do does not cause a domino effect
Problem: Client access remotely with the https://mail.<domainname>.com/remote now get the RD gateway error - both win 7 and 8. (old certificate has been removed from the browsers.
In the past, I have always rebuilt the certificate package by hand.
I can see the certificate in EMC, How can I get that new certificate exported to a .cer so I can then import it into the workstations. I've never been able to get the distribution package to update. I just want to make sure that whatever I do does not cause a domino effect
ASKER
OWA works fine. Once in Remote, the bookkeeper needs to "connect" to a workstation in the computers list. THat's when I receive the RD gateway error. I need to install the correct certificate in order to "connect" to a computer in the list.
The cert in the "cert distribution package" is wrong and I can't export the cert from EMC. The link you sent me is not the same issue and my outlook works fine.
RD-Gateway.jpg
view-cert.jpg
The cert in the "cert distribution package" is wrong and I can't export the cert from EMC. The link you sent me is not the same issue and my outlook works fine.
RD-Gateway.jpg
view-cert.jpg
ASKER
If I were to go to a SSL Certificate from GoDaddy would that solve the issues I'm having? Would that eliminate the need for the cert distribution package?
Questions:
1. How many certificates do I need (types).
2. do the go daddy certificates replace ALL the existing certificates. if so, do I remove them manually?
3. Procedure?
4. Anything else to know?
Thank you
Questions:
1. How many certificates do I need (types).
2. do the go daddy certificates replace ALL the existing certificates. if so, do I remove them manually?
3. Procedure?
4. Anything else to know?
Thank you
ASKER
On on the configuration:
Single domain controller - SBS2011, we use OWA and remote , A true email exchange server.
Single domain controller - SBS2011, we use OWA and remote , A true email exchange server.
We only use one cert for our sbs2011 server.
We use remote.servername.com
What happen if they connect to remote.servername.com?
CT
We use remote.servername.com
What happen if they connect to remote.servername.com?
CT
ASKER
This server is set to mail.<domainname>.com the only issue is I cannot get to the new certificate to install on the workstations. The RD gateway message is generated because the certificate is not installed at the workstation.
So I assume your following these steps.
http://blogs.technet.com/b/sbs/archive/2011/04/19/how-to-obtain-the-certificate-distribution-package-in-sbs-2011-standard-through-remote-web-access.aspx
CT
http://blogs.technet.com/b/sbs/archive/2011/04/19/how-to-obtain-the-certificate-distribution-package-in-sbs-2011-standard-through-remote-web-access.aspx
CT
ASKER
The package had the old certificate, not the new Certificate. I have currently removed (cut and past ) the package off the server to prevent any of the users from trying to use it.
I see these as my options:
1. get the certificate exported to a .cer file, which I see no utility to do so in the EMC.
2. Some how get the get the certificate distribution package to update. (Procedure that works?)
3. I need to purchase a ssl certificate form go daddy and install (never done this before and not sure of what I need - 1 certificate for single exchange server and works with OWA and Remote)
What is the best option?
What is my best option?
I see these as my options:
1. get the certificate exported to a .cer file, which I see no utility to do so in the EMC.
2. Some how get the get the certificate distribution package to update. (Procedure that works?)
3. I need to purchase a ssl certificate form go daddy and install (never done this before and not sure of what I need - 1 certificate for single exchange server and works with OWA and Remote)
What is the best option?
What is my best option?
You could also used a self-signed cert.
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
CT
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
CT
ASKER
Ok I have read /watch the suggested video.
1. Internet Address Management Wizard:
IS it possible to run this wizard and not have it screw up my exchange server and Email? This server is working fine, I just need to get a certificate to load in the remote access laptop. Our mail.<domainname>.com is established and I don't want it screwed up.
2. Purchasing a certificate from Godaddy.
If I purchase a ssl certificate, (seems reasonable priced). Do I need just one certificate for the entire server (exchange emails, owa and remote (Iis). Once installed on the server do the remote workstations still require the installation of the certificate or is the certificate simply accepted by the remote workstation
1. Internet Address Management Wizard:
IS it possible to run this wizard and not have it screw up my exchange server and Email? This server is working fine, I just need to get a certificate to load in the remote access laptop. Our mail.<domainname>.com is established and I don't want it screwed up.
2. Purchasing a certificate from Godaddy.
If I purchase a ssl certificate, (seems reasonable priced). Do I need just one certificate for the entire server (exchange emails, owa and remote (Iis). Once installed on the server do the remote workstations still require the installation of the certificate or is the certificate simply accepted by the remote workstation
Once you install on the server you do not need to install on the workstations. This would keep it simple and I have purchased from godady before.
CT
CT
ASKER
My biggest concern is to avoid disruption of (exchange) email services for the client.
Questions:
What exact certificate do I need to purchase from Go Daddy and how do I ensure it works with our set up? I need the exchange server to continue to received and send email. Client uses mail.<domainname>. com for OWA and Remote.
Do I tie all 4 services (IMAP, POP SMTP, IIS) to the certificate?
Questions:
What exact certificate do I need to purchase from Go Daddy and how do I ensure it works with our set up? I need the exchange server to continue to received and send email. Client uses mail.<domainname>. com for OWA and Remote.
Do I tie all 4 services (IMAP, POP SMTP, IIS) to the certificate?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did finally try the wizard and even though others reported it did not work it did work for me.
http://mobile.experts-exchange.com/questions/28266166/Change-the-certificate-used-by-Exchange-2010-in-SBS2011.html
Also I assume your not using a wildcard cert. Sbs2011 hate them
CT