Solved

Will SBS Self Signed SHA1 certificates work with RWW after 2017?

Posted on 2016-11-16
9
114 Views
Last Modified: 2016-11-23
Hi,

We've inherited a few customers who occasionally use RWW or OWA and have valid SHA1 SBS self signed certificates.
They installed using the SBS generated Certificate bundle on their remote PC's.
Even though they get the warning on the URL bar, will they still be able to use Remote Web Workplace or OWA with these certs?
0
Comment
Question by:Ace-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41891429
What is the warning for?
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41892328
Sorry, the question is in the subject.
I'm wondering if they'll still be able to use the SBS self signed sha1 cert for RWW/Owa after Jan 2017.
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
ID: 41892491
Actually starting in Feb, they will be completely blocked...but this is a really easy fix...spend 5.00/yr for a trusted single name cert using the SBS trusted cert wizard in the console
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Ace-IT
ID: 41892508
Thanks Cris.

Does this mean the Self Signed one will continue to work for the internal .local DNS and the trusted single name cert will be for a single external DNS (remote.domainname.com for example?)

The issue with this is that you need a wildcard/UCC cert to cover the Autodiscover & Remote. or Mail. sub domains, otherwise Activesync, Outlook Over RPC etc. won't work I believe?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41892682
Someone has given you bad information about needing a UCc cert.   Only a single name cert is required.  . Local is not supposed in any certain now.
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41898414
So are you saying that only remote.contoso.com needs an ssl cert and not autodiscover.contoso.com for Outlook anywhere or RWW client to connect without ssl errors?
I know that .local internal domain names aren't used anymore but SBS 2008-11 uses this as default and a lot of them still have it.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41898457
That's what I'm saying and it's always been true.   In fact updates were issued that remove the .local portion when doing a request for a 3rd party cert
0
 
LVL 1

Author Comment

by:Ace-IT
ID: 41900024
OK Thanks for that.
It looks like there is additional configuration for the External DNS to allow autodiscover on a single cert too:
http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41900027
that's correct.  Susan's original article for SBS is right here http://blogs.msmvps.com/bradley/2008/12/19/autodiscover-and-dns/
but it's quick to set up
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question