How do I set up an SSL certificate in SBS 2011 Essentials?

    Question

  • I am trying to set up RWA using a domain I have hosted online, and I am having difficulty getting the SSL setup.  I have a dedicated IP from the domain server (JustHost.com) and have purchased SSL certificates.  I am having the hardest time finding any information on putting the jigsaw pieces together in the right order.  Does anyone have any advice on doing the manual installation of an SSL certificate in SBS 2011 Essentials?  The firewall and port forwarding are all set up and running, file sharing is all functioning correctly, just have the next step to allow remote web access.

    Thanks,

    Coyote F

    • Moved by Tim Quan Friday, June 03, 2011 5:09 AM (From:Small Business Server)
    Thursday, June 02, 2011 2:53 AM

All replies

  • There is a separate forum for SBS 2011 Essentials so that is the better
    forum to ask these questions:

    Technet.en.US.Smallbusinessserver2011Essentials

    Steve

    <Coyote F> wrote in message news:b6018e56-c17f-4d3a-84c2-489683bc99ad@communitybridge.codeplex.com...

    I am trying to set up RWA using a domain I have hosted online, and I am having difficulty getting the SSL setup. I have a dedicated IP from the domain server (JustHost.com) and have purchased SSL certificates. I am having the hardest time finding any information on putting the jigsaw pieces together in the right order. Does anyone have any advice on doing the manual installation of an SSL certificate in SBS 2011 Essentials? The firewall and port forwarding are all set up and running, file sharing is all functioning correctly, just have the next step to allow remote web access.

    Thanks,

    Coyote F

    Thursday, June 02, 2011 4:32 AM
  • Why not use the wizard to set up the ssl?

    Thursday, June 02, 2011 7:47 AM
  • When I enter the domain name using the wizard, it sends me to Enom to upgrade etc, which I have done already with my justhost.com domain provider/host.  My trouble is in the next windows in the process.
    Thursday, June 02, 2011 3:03 PM
  • Currently this is the (kinda funky) process.  You are prompted to go through enom to get an update/ssl cert purchase.

    At the present time until they post manual instructions, I'm not comfy walking someone through adding the cert manually until I hear exactly where they want the ssl cert to be.

    I'll ping up the folks again as this funky process has been bugged as (IMO) it's not the most consultant friendly it could be.

    Thursday, June 02, 2011 3:32 PM
  • The SSL certificate issue seems like extortion to me.  I already have an SSL certificate, however I cannot find ANY documentation on how to manually install it.  As a means to getting the server up I purchased ANOTHER SSL cert using the wizard through GoDaddy.  Now the RWW wizard says that the certificate is being renewed by the registrar.  It would seem to me that the same tools that are in SBS 2011 Standard should be available in Essentials.  I need to know how to either install it manually or how to get the additional SSL cert to be recognized.

    Monday, June 13, 2011 4:14 AM
  • It's not extortion.  It's more of a case of not getting good feedback at the right time.  When I finally realized that the wizard sensed/determined what existing domain registrar you already had and thus forced you to go back to that domain registrar and buy the ssl cert from them, and didn't take into account how many var/vaps set up networks where you have cheap ssl certs from ANOTHER entity that you then use, the feedback didn't get into the wizard to do anything about this at RTM.

    It's not the same ssl cert wizard as SBS 2011.    You need to manually add the ssl cert into the IIS web site, and then make sure it's in the tsgateway like it should be.

    Let me see if I can figure this out and blog something and ask the SBS blog to post something as well.

    Monday, June 13, 2011 5:30 AM
  • Still no update? It really seems absurd to me that Microsoft would RTM a product and not have proper documentation available to end users.  As a result we are unable to utilize the features that they are touting.
    Wednesday, June 15, 2011 4:53 PM
  • Go with buying a ssl cert from the domain that you've parked with and it works fine.  Or use the .remotewebaccess.com domain.

    I pinged Microsoft, they are working on it, I've been too busy to investigate it personally.  Sorry.

    Wednesday, June 15, 2011 5:00 PM
  • I am looking for a solution for this as well.  I have added the SSL cert to IIS, but still cannot remote access.  Thanks in advance.
    Thursday, June 16, 2011 6:47 AM
  • I've been battling this issue for a week and have had my web site hosting provider working with me to help get it fixed. I've purchased 2 RapidSSL certificates from enom who was already my registrar. I've used the automated process attempting to use an existing domain which failed and then bought the second certificate using remote.mydomain.com and it is failing as well even though in my enom account the certificate indicates "Issued". If it is possible to set this up manually bypassing the wizard I would like to know the steps since I do not know how to "You need to manually add the ssl cert into the IIS web site, and then make sure it's in the tsgateway like it should be" as Susan suggested. I see that sohocs did not have success in adding it manually but I am willing to give it a try if someone could please provide the steps or a link with the steps.

    This is the same thing I keep getting from the wizard: “An error occurred setting up your domain name. The domain name was not set up for your server. Wait a few minutes and run the wizard again. The domain name was not successfully purchased on the domain name service provider Web site. Rerun the Set Up Your Domain Name wizard and make sure you successfully purchase the domain name on the domain name service provider Web site”. This is in using remote.a1affordablegaragedoorservices.com.

    Thank you for any help

    Wednesday, July 06, 2011 7:38 PM
  • If I had the steps, the KB would be published already, but it's not.  I haven't had a chance to walk through and do a step by step yet.

    Can you check to see if that domain is under your godaddy purchased process?  Also stupid question - have you installed IE9 on that box?

    Wednesday, July 06, 2011 7:49 PM
  • Not sure what you're asking about GoDaddy since I've only been using enom and when I check my account with enom I have 2 certs. One for mydomain.com and one for remote.mydomain.com.

    Yes IE9 is on the box.

    Oh my first attempt to get info was placed here http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver2011essentials/thread/51be9c20-a8ce-4c92-b060-8feeb9fbde2f

    Thank you for helping

    Wednesday, July 06, 2011 7:57 PM
  • Not sure if this matters but here's a little more info. I'm using an evaluation copy. I've already purchased Microsoft Windows Small Business Server 2011 Essentials 64-bit - Retail in June but everywhere I looked only had it available as a back order. I wanted to get started on it so installed the eval and once I receive the license will of course activate it. Anyway thought perhaps the eval could be an issue. Do you think that is part of the issue?

    Wednesday, July 06, 2011 8:26 PM
  • Nope.  Let me make sure IE9 isn't a problem here.
    Wednesday, July 06, 2011 8:29 PM
  • Susan, once the wizard completes the search for the domain entered a button shows up indicating "Go to eNomCentral". After clicking that button IE came up at the URL https://ms-sbs.enomcentral.com/?domainname=mydomain.com&version=2&sku=Business&ownsDomain=1. The page showed the name of the domain with the amount of an SSL and a button link "Get Started Now". At the bottom of IE there was a note "an add on for this site failed to run". I thought this may help in your IE9 research.

    Wednesday, July 06, 2011 10:48 PM
  • I ran through this with godaddy and the site was really difficult to navigate.

    I had to trick the site into letting me purchase, by adding things to the basket - then removing them once I was on the checkout page.

    The SSL was finally purchased, but has so far not installed itself. That's about 24 hours later.

     

    I think the answer here is that this wizard is not doing what it claims to do - and the answer will be to remove the domain name, then rerun it and add the SSL manually.


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk
    Thursday, July 07, 2011 4:20 PM
  • I think the answer here is that this wizard is not doing what it claims to do - and the answer will be to remove the domain name, then rerun it and add the SSL manually.
    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk


    The issue may be the wizard is failing but as in my previous posts I have asked for information or documentation on how to bypass the wizard and set up manually and I'm told there is no documentation. Also I'm using enom not godaddy.

    I verified that my service provider does not block any ports. From the same location with the exact same router settings I installed SBS 2011 Standard and was able to set up the Remote Web Access with no problem. Performed a fresh install of SBS 2011 Essentials and still get the exact same result, "An error occurred while setting up your domain name. The domain name was not set up for your server. Wait a few minutes and run the wizard again. The domain name was not successfully purchased on the domain name service provider web site. Run the Set Up the Domain Name wizard and make sure you successfully purchase your domain name on the domain name service provider website".

    Friday, July 29, 2011 10:42 AM
  • If you already have an SSL, is it in PFX format? If so you can just install it using the wizard.

    I have a post over on my blog which shows a lot of my experiences with the wizard - including how to manually install an SSL.

     


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk
    Friday, July 29, 2011 3:40 PM
  • It's not extortion.  It's more of a case of not getting good feedback at the right time.  When I finally realized that the wizard sensed/determined what existing domain registrar you already had and thus forced you to go back to that domain registrar and buy the ssl cert from them, and didn't take into account how many var/vaps set up networks where you have cheap ssl certs from ANOTHER entity that you then use, the feedback didn't get into the wizard to do anything about this at RTM.

    It's not the same ssl cert wizard as SBS 2011.    You need to manually add the ssl cert into the IIS web site, and then make sure it's in the tsgateway like it should be.

    Let me see if I can figure this out and blog something and ask the SBS blog to post something as well.

    Microsoft was informed of this during the BETA; there were at least 10 bug reports submitted on this issue, and all were closed by Microsoft as "EXTERNAL". GoDaddy kept saying it was a Microsoft issue. This has been a problem for about a year and Microsoft was aware of it.

    Don Bushway
    Saturday, August 06, 2011 6:59 PM
  • Sunday, August 07, 2011 4:26 AM
  • Thank you Susan, this does work HOWEVER the dashboard still reports the domain is not set up.
    Don Bushway
    Monday, August 08, 2011 12:32 AM
  • Okay so now go back rerun the wizard and set up the domain manually.  <<< edit - what happened to the strike out formatting

     

    Okay me go ask about a registry key as it hit me there's no way to go and do that manually.   Hang loose.

    Monday, August 08, 2011 4:15 AM
  • Susan,

    Did you happen to find the registry tweak or setting to allow getting past the 'domain is not set up' in the dashboard after completing the manual SSL method?

    Wednesday, October 19, 2011 7:01 PM
  • Don, Matt can you ping me at susan-at-msmvps.com?
    Wednesday, October 19, 2011 8:13 PM
  • Once the certificate has been imported into IIS, you simply need to add it to the bindings for the default web site:

    1. Open IIS Manager from Administrative tools.
    2. Expand your server name.
    3. Expand Sites.
    4. Select the Default Web Site and click the Bindings… action.
    5. Select HTTPS *:443: and click Edit…
    6. Choose your trusted certificate and click View to ensure that you have the corresponding private key for that cert.
    Sunday, December 18, 2011 12:13 AM
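
The same binding done from PowerShell, as an added example that is not part of the original post or of Microsoft's documentation: it repeats the private-key check from step 6 and also checks the validity dates before attaching the certificate to *:443. The host name `remote.example.com` is a placeholder, and the script assumes an elevated prompt with the WebAdministration module that ships with IIS 7.5.

```powershell
# Added example: bind an already-imported certificate to HTTPS *:443.
# Assumptions: elevated PowerShell on the server, WebAdministration module present,
# and 'remote.example.com' standing in for the name the certificate was issued to.
Import-Module WebAdministration

$hostName = 'remote.example.com'   # placeholder
$siteName = 'Default Web Site'
$now      = Get-Date

# Look in the computer's Personal store for certificates whose subject CN is the host name.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -match ('CN=' + [regex]::Escape($hostName) + '(,|$)')
})
if ($candidates.Count -eq 0) {
    throw "No certificate for $hostName in LocalMachine\My."
}

# Same check as clicking View in the binding dialog: the private key must be present.
# Expired or not-yet-valid certificates are rejected as well.
$usable = @($candidates | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
} | Sort-Object NotAfter -Descending)
if ($usable.Count -eq 0) {
    throw "A certificate for $hostName exists, but none has a private key and a current validity period."
}
$cert = $usable[0]

# Make sure the site has an HTTPS binding on *:443 (steps 4 and 5).
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# Replace whatever certificate is currently attached to 0.0.0.0:443.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) { Remove-Item $sslPath }
Get-Item ('Cert:\LocalMachine\My\' + $cert.Thumbprint) | New-Item $sslPath | Out-Null

# Show the resulting binding so the thumbprint can be compared with the intended certificate.
Get-Item $sslPath | Select-Object IPAddress, Port, Thumbprint, Store
```

This covers only the IIS binding; the thread also says the certificate has to be in place for the TS/RD Gateway, which this script does not touch.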
  • We have published a RWA configuration guidance, hope that will help future deployment prep works:
    http://social.technet.microsoft.com/wiki/contents/articles/6666.remote-web-access-deployment-guide-for-small-business-server-2011-essentials-home-server-2011-and-windows-storage-server-2008-r2-essentials.aspx
    At the same time, if you have questions not covered in the above document, you can file a connect bug, or you can open a support case. Please download the WSSG Log Collector for log collecting,
    http://www.microsoft.com/download/en/details.aspx?id=27567
    Thanks,
    This post is "AS IS" and confers no rights. Ning Kuang[MSFT] Windows HSBS Program Manager
    Thursday, February 02, 2012 1:52 PM
  • Hello all,

    After installing my first SBS 2011 Essentials server several months ago, I'm still getting this "Wait while your domain certificate request is processed" message from the Dashboard server settings applet. I remember having a hard time installing my GoDaddy cert at the time. As a matter of fact, I had to install it manually! RWA works fine from remote locations. No cert errors! How do I get rid of the above message? Could this issue be related to the fact that RWA cannot be invoked from the inside, i.e., "http://servername" instead of "https://remote.mydomain.com" from launchpad?

    Please help!

    Regards.

      


    Yves Leduc

    Tuesday, February 21, 2012 7:43 PM
  • I would use the wizard to remove the domain name, and try setting it up again.

    There were some problems with the GoDaddy integration to start with, hopefully they have been solved now.


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk

    Wednesday, February 22, 2012 12:33 PM
  • Hello Robert,

    How do you manage to do that?

    Regards.


    Yves Leduc

    Wednesday, February 22, 2012 10:39 PM
  • If you start the domain name wizard there is an option to remove the domain name.

    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk

    Friday, February 24, 2012 10:53 AM
  • Robert,

    Will I be able to reinstall the existing cert? If so, manually or automatically? In my case, the domain name is hosted at GoDaddy and the SSL cert comes from GoDaddy as well.

    Regards,


    Yves Leduc

    Monday, February 27, 2012 5:44 PM
  • This is a big failing of the wizard imo.

    If it detects your domain at GoDaddy or Enom - you do not get those manual options at all.

    My advice would be to do a backup of the server first, then remove the domain name, then try to add it back. If it works, great.

    It may not work at all (given the nature of this wizard) and if that occurs you can fall back to the backup to at least get you back to your current state.


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk

    Tuesday, February 28, 2012 11:07 AM
  • Robert,

    What bad news!!! This could have been at least documented by the Microsoft SBS development team! I just can't believe it!!!!!!! This is nonsense. Someone at Microsoft must react to that matter.

    Regards.


    Yves Leduc

    Tuesday, February 28, 2012 3:56 PM
  • Bugged.  The only workaround we have at this time is a manual install process.

    It's documented in their wiki posts.

    Tuesday, February 28, 2012 4:24 PM
  • TechNet SBS 2011 Essentials Manual SSL Installation Script:
    http://gallery.technet.microsoft.com/SBS-2011-Essentials-Manual-5ad9ce1e

    Manually Install an Existing SSL Cert - TechNet Articles - United States (English) - TechNet Wiki:
    http://social.technet.microsoft.com/wiki/contents/articles/5404.manually-install-an-existing-ssl-cert.aspx

    For now the only answer we got.

    Thursday, June 21, 2012 10:25 PM
  • I'm struggling with the same issue. Unfortunately, I'm one of those IP-novices that Essentials is supposed to be designed for and as I read and attempt the many threads on this topic, I'm becoming even more confused.

    Where I am at:

    Existing domain modified to add a subdomain called "secure.mydomain.com" that redirects to https://xxx.xxx.xx.xx, the office's static IP address where the SBSe server is located.

    An A record was added to the DNS that points to that same IP address.

    The router at that IP is configured to send port 443 traffic to the SBSe's local IP address.

    An SSL certificate issued for "secure.mydomain.com" was installed on the SBSe server. It was obtained by running the Manual branch of the wizard, copying the code from the wizard to the SSL key generator, then copying the code of the resulting key to the wizard. The details of the certificate appear valid.

    External traffic to secure.mydomain.com redirects to https://xxx.xxx.xx.xx/remote and after approving a security exception, displays the SBSe login screen.

    After a successful SBSe admin login, the desktop displays.

    Clicking to "Connect" to an available PC downloads an RDP file which launches RDC and displays the dialog:
    "Do you trust the publisher of this remote connection?"
    Publisher: secure.mydomain.com
    Gateway Server: xxx.xxx.xx.xx

    Clicking "Connect" produces the error:

    "Your computer cannot connect to the remote computer because the Remote Desktop Gateway Server address requested and the certificate subject name do not match." Clicking on "View Certificate" - Details shows the Subject: secure.mydomain.com

    So, what did I miss in the setup?

    ========

    Follow-on question ...

    The complete picture is that this is a "textbook" installation of the SBSe Add-On product, meaning on one box we are running Server 2008R2 with only the Hyper-V role. Within it as VM1 is the SBSe installation. Installed as VM2 is Server 2008R2 with SQL Server 2012 because I'm told SQL Server cannot reside within SBSe because of the DNS role - it needs its own VM.  (Three-person office - one new box limit.)

    The objective is that PHP scripts on the externally hosted website will be able to post data from a webform directly into the SQL server database via secure.mydomain.com. Another objective is that Users working from home can access the database. Is this enabled by setting the router to redirect a certain port to the local IP of this VM2 server? Does the SSL cert also get loaded into this server as well since the access is via the same subdomain, just a different port, or do I need to buy another one?

    All suggestions (including "that was a boneheaded way to do it") appreciated.
    Thursday, June 28, 2012 7:10 PM
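
The name comparison behind the error quoted in the post above, as an added example that is not part of the original post: the error text says the gateway address requested and the certificate subject name must match, so the script pulls the gateway address out of an .rdp file and tests it against the certificate's names using standard host-name matching. The .rdp lines, the address 203.0.113.10 and the function names `Get-GatewayHost` and `Test-GatewayName` are constructed for illustration.

```powershell
# Added example: does the gateway address in an .rdp file match the certificate's names?
# Constructed sample input mirroring the post: the gateway is given as an IP address,
# while the certificate was issued to a host name.
$rdpLines = @(
    'full address:s:PC01',
    'gatewayhostname:s:203.0.113.10',
    'gatewayusagemethod:i:2'
)
$certNames = @('secure.mydomain.com')   # subject CN / DNS names of the installed certificate

# Return the value of the gatewayhostname setting, or $null if the file has none.
function Get-GatewayHost([string[]]$Lines) {
    foreach ($line in $Lines) {
        if ($line -match '^\s*gatewayhostname:s:(.+?)\s*$') { return $Matches[1] }
    }
    return $null
}

# True when the gateway address equals one of the names (case-insensitive) or is
# covered by a wildcard name such as *.mydomain.com (one left-most label only).
function Test-GatewayName([string]$Gateway, [string[]]$Names) {
    foreach ($name in $Names) {
        if ($name -eq $Gateway) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # ".mydomain.com"
            if ($Gateway.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $Gateway.Substring(0, $Gateway.Length - $suffix.Length)
                if ($left.Length -gt 0 -and $left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# The address taken from the .rdp file, then the certificate's own name for comparison.
$gateway = Get-GatewayHost $rdpLines
'{0} -> match: {1}' -f $gateway, (Test-GatewayName $gateway $certNames)
'{0} -> match: {1}' -f 'secure.mydomain.com', (Test-GatewayName 'secure.mydomain.com' $certNames)
```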