none
Win SBS 2008 and RWW (Cert issue?)

    Question

  • Hello Everyone,

    I have a Windows 2008 SBS box (fully patched), which I am trying to connect to via RWW. When I go to the https://mail.myhappydomain.com/ I get the SSL cert warning page. We are using a self-assigned cert and receive the following error “This certificate cannot be verified up to a trusted certification authority.” When I view the cert via Internet Explorer everything is the cert looks correct it has mail.myhappydomain.com as the site and is issued by domain-servername-CA. There are no errors in the server event logs.

    Here is what I have done so far:

    Ran the “Setup your Internet Address” wizard to use mail.myhappydomain.com (I understand remote.myhappydomain.com is recommended). The wizard completes without error. When I check IIS it shows that a new cert was created. When I go to \Public\Downloads\Certificate Distribution Package folder, the SSL cert is not modified with the new one. I have tried removing the cert in \Public\Downloads\Certificate Distribution Package folder and then exporting the new cert from the IIS into that folder (keeping the same cert name). When I run client install it completes without errors but when I go to the RWW webpage it indicates a problem with the cert. “This certificate cannot be verified up to a trusted certification authority.” I have tried importing the cert directly from IE but when I close IE and return to the site I get the same message/warning. I did run the "Fix My Network" Wizard on the server and it did not find any problems.

    I have confirmed that ports 80, 443, 987, and 3389 are all open in the hardware firewall.

    Any help you can offer is greatly appreciated. Thanks in advance!

    Tuesday, August 31, 2010 5:02 PM

Answers

  • Can you try this?

    Remove the cer package zip file from the share, re-run both the wizards. It should create a new zip file with the recent certificate. Install that cert on the client.


    KetanT | Microsoft
    • Marked as answer by Techmobile Tuesday, August 31, 2010 7:12 PM
    Tuesday, August 31, 2010 6:36 PM

All replies

  • Can you try this?

    Remove the cer package zip file from the share, re-run both the wizards. It should create a new zip file with the recent certificate. Install that cert on the client.


    KetanT | Microsoft
    • Marked as answer by Techmobile Tuesday, August 31, 2010 7:12 PM
    Tuesday, August 31, 2010 6:36 PM
  • Hello Ketan,

    That did the trick! Thank you very much.

    Just to clarify for everyone else, here is what I did:

    1. Removed the "Certificate Distribution Package" folder and the "Install Certificate Package.zip" from the \Public\Downloads folder.

    2. Ran the “Setup Your Internet Address” wizard from the Windows SBS Console.

    3. Ran the "Fix My Network" wizard from the Network Tab of Windows SBS Console. (The wizard informed me that the SSL Cert Package was missing and created a new one).

    4. Ran the install package on the client.

    Thanks again!

    Tuesday, August 31, 2010 7:12 PM