Trusted Cert Woes on SBS 2008

I decided to install a trusted cert from GoDaddy to make access to RWW,
OWA and Outlook Anywhere more user-friendly. I used:
http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
for my first few attempts (installing the intermediate bundle) and when
I had issues with this, I eventually used:
http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
I have had several goes at this (using re-keyed certs)always with the
same results:

1. The trusted certificate never appears for selection as the preferred
certificate in the Certificate Wizard(only self-signed certs are
displayed). In the SBS Console, Network/Connectivity/Web Server
Certificate is showing the trusted cert from GoDaddy.

2. When I launch Outlook 2007, I get two Security Alerts from the site
remote.glidden.net.au. View Certificate shows the name of the trusted
cert office.glidden.net.au. This happens on PCs that are not using
Outlook Anywhere as well.

Otherwise the trusted certificate is functioning: no certificate warning
nags in RWW, OWA or Company Website.

A clue to all this is that the name of the trusted cert is different to
the self-signed one. Also, I run the fix my network wizard it tells me
that the trusted certificate has expired and removes it if checked.
I am new to and pretty clueless with certs: this is the first time i
have tried to install a trusted cert.

SBS BPA finds no issues.

Can someone please help me to sort this? Driving me bananas.

Hi Bill,

I'm assuming you use https://remote.blah.blah/remote or /owa to acces your
SBS, but your cert is for office.blah.blah.

If you use https://office.blah.blah/remote, your cert matches and you get no
warning. I looked at your cert, and it looks fine.


--
-----------------------------------------------
Les Connor [SBS MVP]

"Bill Glidden" <> wrote in message
news:...
> I decided to install a trusted cert from GoDaddy to make access to RWW,
> OWA and Outlook Anywhere more user-friendly. I used:
> http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
> for my first few attempts (installing the intermediate bundle) and when I
> had issues with this, I eventually used:
> http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
> I have had several goes at this (using re-keyed certs)always with the same
> results:
>
> 1. The trusted certificate never appears for selection as the preferred
> certificate in the Certificate Wizard(only self-signed certs are
> displayed). In the SBS Console, Network/Connectivity/Web Server
> Certificate is showing the trusted cert from GoDaddy.
>
> 2. When I launch Outlook 2007, I get two Security Alerts from the site
> remote.glidden.net.au. View Certificate shows the name of the trusted cert
> office.glidden.net.au. This happens on PCs that are not using Outlook
> Anywhere as well.
>
> Otherwise the trusted certificate is functioning: no certificate warning
> nags in RWW, OWA or Company Website.
>
> A clue to all this is that the name of the trusted cert is different to
> the self-signed one. Also, I run the fix my network wizard it tells me
> that the trusted certificate has expired and removes it if checked.
> I am new to and pretty clueless with certs: this is the first time i have
> tried to install a trusted cert.
>
> SBS BPA finds no issues.
>
> Can someone please help me to sort this? Driving me bananas.

ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard by
selecting the 'advanced' button. 'remote' is the default prefix.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Bill Glidden" <> wrote in message
news:...
> I decided to install a trusted cert from GoDaddy to make access to RWW,
> OWA and Outlook Anywhere more user-friendly. I used:
> http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
> for my first few attempts (installing the intermediate bundle) and when I
> had issues with this, I eventually used:
> http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
> I have had several goes at this (using re-keyed certs)always with the same
> results:
>
> 1. The trusted certificate never appears for selection as the preferred
> certificate in the Certificate Wizard(only self-signed certs are
> displayed). In the SBS Console, Network/Connectivity/Web Server
> Certificate is showing the trusted cert from GoDaddy.
>
> 2. When I launch Outlook 2007, I get two Security Alerts from the site
> remote.glidden.net.au. View Certificate shows the name of the trusted cert
> office.glidden.net.au. This happens on PCs that are not using Outlook
> Anywhere as well.
>
> Otherwise the trusted certificate is functioning: no certificate warning
> nags in RWW, OWA or Company Website.
>
> A clue to all this is that the name of the trusted cert is different to
> the self-signed one. Also, I run the fix my network wizard it tells me
> that the trusted certificate has expired and removes it if checked.
> I am new to and pretty clueless with certs: this is the first time i have
> tried to install a trusted cert.
>
> SBS BPA finds no issues.
>
> Can someone please help me to sort this? Driving me bananas.

Les Connor [SBS MVP] wrote:
> Hi Bill,
>
> I'm assuming you use https://remote.blah.blah/remote or /owa to acces
> your SBS, but your cert is for office.blah.blah.
>
> If you use https://office.blah.blah/remote, your cert matches and you
> get no warning. I looked at your cert, and it looks fine.
>
>
Hi Les,

No. I use either remote or office, and want to use office only, but i
get the same result with either. I know there is no error when I use
/owa or /remote. I'm only seeing the Outlook security warning.

Les Connor [SBS MVP] wrote:
> ps, you can change remote.blah.blah to office.blah.blah in the SBS
> wizard by selecting the 'advanced' button. 'remote' is the default prefix.
>
I missed that Advanced button... Will go there and do that. Thanks, Les.

Les Connor [SBS MVP] wrote:
> ps, you can change remote.blah.blah to office.blah.blah in the SBS
> wizard by selecting the 'advanced' button. 'remote' is the default prefix.
>

Les, I did that and interestingly, it made one of the Security Alerts go
away. Still got one. Will multiple office.glidden.net.au GoDaddy certs
be a problem or is only one of these active?

Les Connor [SBS MVP] wrote:
> ps, you can change remote.blah.blah to office.blah.blah in the SBS
> wizard by selecting the 'advanced' button. 'remote' is the default prefix.
>
Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
can also see the for GoDaddy certs that I installed during the saga. All
have type=unknown. AND no more Outlook Security nags.

Thanks for helping me sort this and pointing me in the general direction
of SBS Console, Advanced Mode!

Cheers,
Bill

Good stuff, Bill - glad you got it sorted.

Key is the name in the cert must match the url/site you're accessing. You
can get a cert for multiple sites but in this instance you only need
office.<domain.com>

--
-----------------------------------------------
Les Connor [SBS MVP]

"Bill Glidden" <> wrote in message
news:...
> Les Connor [SBS MVP] wrote:
>> ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard
>> by selecting the 'advanced' button. 'remote' is the default prefix.
>>
> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
> can also see the for GoDaddy certs that I installed during the saga. All
> have type=unknown. AND no more Outlook Security nags.
>
> Thanks for helping me sort this and pointing me in the general direction
> of SBS Console, Advanced Mode!
>
> Cheers,
> Bill

"Bill Glidden" <> wrote in message
news:...
> Les Connor [SBS MVP] wrote:
>> ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard
>> by selecting the 'advanced' button. 'remote' is the default prefix.
>>
> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
> can also see the for GoDaddy certs that I installed during the saga. All
> have type=unknown. AND no more Outlook Security nags.
>
> Thanks for helping me sort this and pointing me in the general direction
> of SBS Console, Advanced Mode!
>
> Cheers,
> Bill


Les, with an Exchange UC/SAN certificate, you can add those names into one
cert. The one certificate will allow multiple names added into the
certificate in what's called a subjective alternate names list. Once you've
purchased, or have your current certs modified or combined into one
certificate by GoDaddy (Exchange can use a single cert with multiple names
and they should be able to combine all of them into one for you and pro-rate
the price), you can use the Exchange PowerShell Commands to add the services
the cert will be used for.

Read the following for more info. I also just added a step-by-step in the
blog, today, to illustrate how to request and import the new cert, as well
as how to enable the use of the cert for other services, such as IIS, SMTP,
IMAP, POP, etc. Enabling it for IIS will work for what you want, as long as
the names that you need, such as rww.domain.com, office.domain.com, or
whatever else you need, is in the certificate subject alternate names list.
The manual methods work with SBS 2008, too.

Exchange 2007 UC/SAN Certificate
http://msmvps.com/blogs/acefekay/arc...rtificate.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

"Bill Glidden" <> wrote in message
news:...
> Les Connor [SBS MVP] wrote:
>> ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard
>> by selecting the 'advanced' button. 'remote' is the default prefix.
>>
> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
> can also see the for GoDaddy certs that I installed during the saga. All
> have type=unknown. AND no more Outlook Security nags.
>
> Thanks for helping me sort this and pointing me in the general direction
> of SBS Console, Advanced Mode!
>
> Cheers,
> Bill


I meant to address my last post to Bill, not Les. Sorry....