When working with a self signed certificate, how do I make a new leaf
for webmail.foo.bar?

To clarify, this is on a SBS2008 server

Op 19/03/2010 10:22, Ingmar Van Glabbeek schreef:

> When working with a self signed certificate, how do I make a new leaf
> for webmail.foo.bar?

You don't. Self-signed, by definition, isn't capable of being in a chain.

You *can*, however, issue certificates from an internal CA. These aren't
"self-signed" but are "self-issued." They are signed by your internal CA
server so they won't be trusted by non-domain machines...so they'd behave
very similar to self-signed certificates.

In SBS 2003, you'd have to install the CA role and configure it. Technet
has several articles on this process.
In SBS 2008, the CA role is installed by default, so you'd use the
certificate MMC snap-ins to request and issue certificates.

-Cliff



"Ingmar Van Glabbeek" <ingmar.vg@newsgroup> wrote in message
news:OTua3W0xKHA.3408@newsgroup

> When working with a self signed certificate, how do I make a new leaf for
> webmail.foo.bar?

With the MMC module in sbs2008 I manage to enroll a new cert for my
server but I can't see where I could issue another one for a different URL.



Op 20/03/2010 18:51, Cliff Galiher - MVP schreef:

> You don't. Self-signed, by definition, isn't capable of being in a chain.
>
> You *can*, however, issue certificates from an internal CA. These aren't
> "self-signed" but are "self-issued." They are signed by your internal CA
> server so they won't be trusted by non-domain machines...so they'd
> behave very similar to self-signed certificates.
>
> In SBS 2003, you'd have to install the CA role and configure it. Technet
> has several articles on this process.
> In SBS 2008, the CA role is installed by default, so you'd use the
> certificate MMC snap-ins to request and issue certificates.
>
> -Cliff
>
>
>
> "Ingmar Van Glabbeek" <ingmar.vg@newsgroup> wrote in message
> news:OTua3W0xKHA.3408@newsgroup

>> When working with a self signed certificate, how do I make a new leaf
>> for webmail.foo.bar?

>

If this is for a web server (such as IIS) which it sounds like based on your
comments, you'll need to use the IIS snap-in to generate a CSR. You can
then either issue the certificate manually with the CSR generated, or you
can issue the certificate automatically as part of the CSR wizard.

Once you get into the IIS certificate wizard, it'll become a lot more clear
and self-explanatory.

-Cliff


"Ingmar Van Glabbeek" <ingmar.vg@newsgroup> wrote in message
news:#30bHebyKHA.1796@newsgroup

> With the MMC module in sbs2008 I manage to enroll a new cert for my server
> but I can't see where I could issue another one for a different URL.
>
>
>
> Op 20/03/2010 18:51, Cliff Galiher - MVP schreef:

>> You don't. Self-signed, by definition, isn't capable of being in a
>> chain.
>>
>> You *can*, however, issue certificates from an internal CA. These aren't
>> "self-signed" but are "self-issued." They are signed by your internal CA
>> server so they won't be trusted by non-domain machines...so they'd
>> behave very similar to self-signed certificates.
>>
>> In SBS 2003, you'd have to install the CA role and configure it. Technet
>> has several articles on this process.
>> In SBS 2008, the CA role is installed by default, so you'd use the
>> certificate MMC snap-ins to request and issue certificates.
>>
>> -Cliff
>>
>>
>>
>> "Ingmar Van Glabbeek" <ingmar.vg@newsgroup> wrote in message
>> news:OTua3W0xKHA.3408@newsgroup

>>> When working with a self signed certificate, how do I make a new leaf
>>> for webmail.foo.bar?

>>

>