Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

Will SBS Self Signed SHA1 certificates work with RWW after 2017?

Hi,

We've inherited a few customers who occasionally use RWW or OWA and have valid SHA1 SBS self signed certificates.
They installed using the SBS generated Certificate bundle on their remote PC's.
Even though they get the warning on the URL bar, will they still be able to use Remote Web Workplace or OWA with these certs?
0
Ace-IT
Asked:
Ace-IT
  • 5
  • 4
1 Solution
 
Cris HannaCommented:
What is the warning for?
0
 
Ace-ITAuthor Commented:
Sorry, the question is in the subject.
I'm wondering if they'll still be able to use the SBS self signed sha1 cert for RWW/Owa after Jan 2017.
0
 
Cris HannaCommented:
Actually starting in Feb, they will be completely blocked...but this is a really easy fix...spend 5.00/yr for a trusted single name cert using the SBS trusted cert wizard in the console
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Ace-ITAuthor Commented:
Thanks Cris.

Does this mean the Self Signed one will continue to work for the internal .local DNS and the trusted single name cert will be for a single external DNS (remote.domainname.com for example?)

The issue with this is that you need a wildcard/UCC cert to cover the Autodiscover & Remote. or Mail. sub domains, otherwise Activesync, Outlook Over RPC etc. won't work I believe?
0
 
Cris HannaCommented:
Someone has given you bad information about needing a UCc cert.   Only a single name cert is required.  . Local is not supposed in any certain now.
0
 
Ace-ITAuthor Commented:
So are you saying that only remote.contoso.com needs an ssl cert and not autodiscover.contoso.com for Outlook anywhere or RWW client to connect without ssl errors?
I know that .local internal domain names aren't used anymore but SBS 2008-11 uses this as default and a lot of them still have it.
0
 
Cris HannaCommented:
That's what I'm saying and it's always been true.   In fact updates were issued that remove the .local portion when doing a request for a 3rd party cert
0
 
Ace-ITAuthor Commented:
OK Thanks for that.
It looks like there is additional configuration for the External DNS to allow autodiscover on a single cert too:
http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/
0
 
Cris HannaCommented:
that's correct.  Susan's original article for SBS is right here http://blogs.msmvps.com/bradley/2008/12/19/autodiscover-and-dns/
but it's quick to set up
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now