SBS 2008 Remote Web Workplace Certificate
-
Friday, March 08, 2013 1:54 PM
I have an SBS 2008 Server that the certificate expired on. I renewed it as per the thousands of guides online using the Connect to Internet Wizard. After I created it, I added it using the "Add a trusted Certificate". And then exported it so I could re-import it on to users workstations. HOWEVER. When i import this certificate into IE. It doesnt recognize it. I can see the cert in the Certificates MMC under trusted root, but not in the IE cert store under trusted root.
This issue has happened under multiple computers. The only common factor is the SBS Server. Any ideas?
All Replies
-
Friday, March 08, 2013 4:46 PM
Have you tried using the Certificate Distribution Package (InstallCertificate.exe) program located on the server?
-
Friday, March 08, 2013 7:01 PMThe Installation Package is created when the server is installed and therefore uses the expired cert. This only started happening AFTER I renewed the cert
-
Friday, March 08, 2013 7:11 PM
I haven't tried it yet but can't you replace the old cert with the new and use the program to install?
Also, try running IE with admin rights and reinstall the cert.
- Edited by IbanezWiz Friday, March 08, 2013 7:11 PM
-
Friday, March 08, 2013 8:32 PMTried as admin and the cert still didnt show up in IE. However. Like I stated above, the cert is installed on the computer if you open MMC and look at the certificates from there
-
Friday, March 08, 2013 8:58 PM
Go to IE, Tools, click on the Content Tab, then Certificates. Under Certificates click on Trusted Root Certfication Authorities. See if your certificate (for you domain) is there. Check the expiration date. What does it say?
- Edited by IbanezWiz Friday, March 08, 2013 9:03 PM
-
Friday, March 08, 2013 9:08 PM
Can you access the server from a work station using: remote.servername.com/owa?
Is so, does the browser prompt (warn) you about is not being a trusted...? click on whatever to continue?
-
Friday, March 08, 2013 9:50 PM
This is a reply to both of your posts. The cert does not show up in IE. However it shows up when I open up MMC, and add the certificates snap-in, and browse the certs there under Trusted Root.
I can access the servers, external websites (RWW, OWA) however it promts saying its not trusted (because the cert isnt in IE) I can access OWA (because it doesnt need the cert) But I cannot access computers via RWW due to this issue
I guess I should preface before we go any further into basic troubleshooting. This isnt the first time ive renewed a self signed cert in SBS 2008. This is probably the 50th. Im an MSP provider, and as such, manage a bunch of SBS 2008 boxes. However this box was not originally configure by me and was setup incorrectly. Im trying to resolve these issues, but this is one that normal cert troubleshooting has resolved. And as such, I am posting here for some out of the box idea's
-
Friday, March 08, 2013 10:07 PMIt's sounds like you're better qualified than me then.
-
Friday, March 08, 2013 11:54 PM
hi
i've had this issue this time too. he first renewal worked fine 2 years ago, this latest one didnt. i have 2 pcs that arent part of the domain that wont update the 2 yearly certificate, leaf.
however the pcs on the domain have all been updated.the certificate package file installs only the root certificate 5 year one, which only works locally as is called server.local the leaf is for remote access fore remoe.domain.com and hasnt updated on remote pc'sthe only advice i get from here is to go buy a certificate from godaddy, which i dont find helpful
tris
-
Monday, March 11, 2013 7:50 AMModerator
Hi ,
Thank you for posting your issue in the forum.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards,
Andy Qi
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Andy Qi
TechNet Community Support
-
Monday, March 11, 2013 6:19 PMThanks for the replies thus far. Looks like im not the only one in this boat so hopefully we can get this sorted
-
Tuesday, March 12, 2013 8:31 AM
What's the result if you manually import the new certificate to Trusted Root Certification Authorities store in IE?
Regards,
Diana
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Tuesday, March 12, 2013 3:01 PMAs i have stated above. I have done this multiple times. it doesnt show up in IE. but it shows up in the computers Certificate Store
-
Wednesday, March 13, 2013 8:56 AM
I tested it on my side, if the certificate imported is not a root certificate, this issue occurs. This certificate shows up in Trusted Root Certification Authority store, but not in IE Trusted Root store.
Please double confirm the certificate you renewd and then imported is a root certificate.
Regards,
Diana
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Friday, March 29, 2013 6:40 AM
-
Wednesday, March 13, 2013 3:41 PMHow do I renew as a root certificate? I renewed the cert using the connect to internet wizard.
-
Thursday, March 14, 2013 3:19 AM
Non-root certificate cannot be renewed to root certificate. If it is not root certificate, you can import to Intermidate Certification Authority.
Regards,
Diana
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Friday, March 29, 2013 6:40 AM
-
Thursday, March 14, 2013 12:39 PMIf im not mistaken, the SBS 2008/2011 self signed cert is a trusted root cert. If it was regenerated as a intermediate cert, Is there any way to make it a trusted root again?
-
Thursday, March 14, 2013 1:38 PM
I don't know if this applies or not, but may be worth a try.
On the workstations I had to bring up the certificates MMC, then remove ALL entries pertaining to the server in question.
After that I ran the installcertificate.exe program with the most current certificate.
After that everything was working the way it should.
I have to have all of those wanting to use RWW from home bring in their computers, so that I can perform this process.
If the certificate changes, we have to start all over again.
-
Friday, March 15, 2013 1:55 PMStevo. Thanks for the info. However i have unfortunately tried this. I have tried using the install package with the new cert and it also has not worked. im out of ideas here
-
Wednesday, March 20, 2013 7:14 AM
Pls export the certificate to me, let's test it on my side.
Regards,
Diana
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Friday, March 22, 2013 8:56 AM
Any update?
Regards,
Diana
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
.png)
