We help IT Professionals succeed at work.

SBS2011  Fix my Network created a new certificate - did not update the certificate distribution package  - IS it possible to export certificate from EMC to a cer format

The SBS2011 server had a certificate break, so "Fix my network" reported the problem and fixed it by making two new certificates.  The certificate distribution package in the public\download directory is not longer valid.

Problem:  Client access remotely with the https://mail.<domainname>.com/remote now get the RD gateway error - both win 7 and 8.  (old certificate has been removed from the browsers.

In the past, I have always rebuilt the certificate package by hand.  

I can see the certificate in EMC, How can I get that new certificate exported to a .cer  so I can then import it into the workstations. I've never been able to get the distribution package to update.  I just want to make sure that whatever I do does not cause a domino effect
Comment
Watch Question

Check this post they have good troubleshooting tips.
http://mobile.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28266166.html


Also I assume your not using a wildcard cert. Sbs2011 hate them

CT

Author

Commented:
OWA works fine.  Once in Remote, the bookkeeper needs to "connect" to a workstation in the computers list.  THat's when I receive the RD gateway error. I need to install the correct certificate in order to "connect" to a computer in the list.

The cert in the "cert distribution package" is wrong and I can't export the cert from EMC.  The link you sent me is not the same issue and my outlook works fine.
RD-Gateway.jpg
view-cert.jpg

Author

Commented:
If I were to go to a SSL Certificate from GoDaddy would that solve the issues I'm having?  Would that eliminate the need for the cert distribution package?
Questions:

1. How many certificates do I need (types).
2. do the go daddy certificates replace ALL the existing certificates. if so, do I remove them manually?
3. Procedure?
4. Anything else to know?

Thank you

Author

Commented:
On on the configuration:

Single domain controller - SBS2011, we use OWA and remote , A true email exchange server.
We only use one cert for our sbs2011 server.
 We use remote.servername.com

What happen if they connect to remote.servername.com?

CT

Author

Commented:
This server is set to mail.<domainname>.com  the only issue is I cannot get to the new certificate to install on the workstations.  The RD gateway message is generated because the certificate is not installed at the workstation.

Author

Commented:
The package had the old certificate, not the new Certificate.  I have currently removed (cut and past ) the package off the server to prevent any of the users from trying to use it.  

I see these as my options:

1.  get the certificate exported to a .cer file, which I see no utility to do so in the EMC.
2. Some how get the get the certificate distribution package to update.  (Procedure that works?)
3. I need to purchase a ssl certificate form go daddy and install (never done this before and not sure of what I need - 1 certificate for single exchange server and works with OWA and Remote)

What is the best option?

What is my best option?

Author

Commented:
Ok I have read /watch the suggested video.

1. Internet Address Management Wizard:  

IS it possible to run this wizard and not have it screw up my exchange server and Email?   This server is working fine, I just need to get a certificate to load in the remote access laptop. Our mail.<domainname>.com is established and I don't want it screwed up.

2. Purchasing a certificate from Godaddy.

If I purchase a ssl certificate,  (seems reasonable priced). Do I need just one certificate for the entire server (exchange emails, owa and remote (Iis).  Once installed on the server do the remote workstations still require the installation of the certificate or is the certificate simply accepted by the remote workstation
Once you install on the server you do not need to install on the workstations. This would keep it simple and I have purchased from godady before.

CT

Author

Commented:
My biggest concern is to avoid disruption of (exchange) email services for the client.
Questions:

What exact certificate do I need to purchase from Go Daddy and how do I ensure it works with our set up? I need the exchange server to continue to received and send email. Client uses mail.<domainname>. com for OWA and Remote.

Do I tie all 4 services (IMAP, POP SMTP, IIS) to the certificate?
This should help answer you question and has expain which ssl and how to install.

It will not change the name of server or services in any way.

http://mobile.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27973020.html

CT

Author

Commented:
I did finally try the wizard and even though others reported it did not work it did work for me.