none
SSL Certificate Renewal

    Question

  • Hello,

    My existing SSL certificate has expired, and needed to be renewed. I've received my new cert, and imported to my server. I've tried a few different ways to replace my existing cert:

    - Import into local machine store, update IIS bindings. Update RD Gateway cert. Update SSTP binding.
    - Run Domain Config wizard, use existing cert, supply newly received cert PFX. Run repair on access anywhere.

    No matter which method used, while the new cert works for a day or 2, it eventually reverts to the machines self signed cert resulting in errors. I can't find an event that correlates to reverting certificates, so I'm at a real loss as to what's taking place.

    Any guidance on how to complete this scenario properly?

    Thanks,
    Tim

    Monday, March 04, 2013 9:23 AM

All replies

  • I would run the Anywhere Access wizard and turn off RWA.

    Reboot.

    Run it again and import the new certificate from PFX.


    Robert Pearman SBS MVP
    itauthority.co.uk | Title(Required)
    Facebook | Twitter | Linked in | Google+

    Monday, March 04, 2013 12:51 PM
    Moderator
  • Thanks Robert, I'll give that a go. A reboot never hurt anyone ;)

    Have I missed the guidance on how to perform a cert renewal though? Would think this is a fairly common procedure.

    Thanks,
    Tim

    Monday, March 04, 2013 6:58 PM
  • Guidance is few and far between right now.

    Best thing to remember is that the 'renewal' is essentially a term for the process, but not what you're doing.

    Im paraphrasing slightly, but the process is identical to purchasing a new SSL, it just happens to have the same name.

    So, you can go through the process here:

    http://titlerequired.com/2013/02/06/manually-creating-a-certificate-request-windows-server-essentials-sbs/


    Robert Pearman SBS MVP
    itauthority.co.uk | Title(Required)
    Facebook | Twitter | Linked in | Google+

    Monday, March 04, 2013 8:32 PM
    Moderator
  • No dice :( Cert still reverts to the servers self signed cert from my purchased SSL cert.

    Very strange...

    Tuesday, March 05, 2013 6:22 PM
  • Hello Robert,

    I am exactly in the same situation as "tsull360". I have to renew my existing certificate from GoDaddy and I don't find any instructions how to do it. What is the exact procedure on how to renew an existing certificate using Anywhere Access wizards? Meanwhile, I have looked at your "RWA & SSL Configuration Decision-o-Matic" chart from your site (http://titlerequired.com/2013/02/06/manually-creating-a-certificate-request-windows-server-essentials-sbs/) and figured that my newly issued certificate has to be imported as a PFX file into W2k12srve. Is this correct? If so, how do I manage to get this PFX file from GoDaddy?

    Regards,


    Yves Leduc

    Tuesday, March 19, 2013 4:09 PM
  • Did you ever get an answer to your question about renewing SSL certificates?  I'm about to go through the process.

    Charlie Storke

    Thursday, October 17, 2013 4:30 AM
  •  Tried to get an answer to this earlier, with no success. I just ended up creating a new cert request and going through the wizard again :(

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/4c125736-46f4-42c3-b94a-792085991e42/how-do-you-renew-the-anywhere-access-certificate?forum=winserveressentials#6a338d55-9814-46c5-a560-e993cba67102

    Saturday, October 19, 2013 8:51 AM
  • Here's what worked for me for 2012 Essentials:

    Start the Essentials dashboard.  In the upper right corner, click on Settings.  In the Settings dialog, in the left column, click on Anywhere Access. Under Domain name, click "Set up" to start the wizard.
    Getting Started:  (No settings)
    Configure your domain name:  Import a new trusted SSL certificate
    Set up a trusted SSL certificate:  "remote" is already there. Choose I want to purchase a trusted SSL certificate for the domain name.
    Generate a certificate request:  Copy
    [get the cert from your provider]
    A trusted SSL certificate reqeust is in progress...:  I have the trusted SSL certificate information from my certificate provider
    Import the trusted certificate:  Copy and paste...
    Repair as suggested in last pane

    It's not clear to me if this is creating a new private key or reusing the old one. I guess it doesn't matter. Regardless, start Certificate Manager for the Computer and export the new cert to PFX with the private key. Also, I delete the previous year's certificate while in Certificate Manager. At least with SBS 08, if you didn't do that, it would keep putting warnings in the event log.

    Mark Berry
    MCB Systems

    Friday, November 08, 2013 1:15 AM
  • Renewals are essentially new certificates - you don't need to get hung up on the term 'renewal'

    As long as the issuing authority is trusted - then it will be ok.


    Robert Pearman SBS MVP
    itauthority.co.uk | Title(Required)
    Facebook | Twitter | Linked in | Google+

    Friday, November 08, 2013 10:52 AM
    Moderator