• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Certificate blues

A

anthony

#1
I've bought a GlobalSign certificate described as "Organization
ServerSign with SAN" for marrian.com (my internet domain). The email
delivering the certificate included text for the "SSL" certificate and
text for the "OrganizationSSL Root" certificate. Following
instructions, I created two crt files and installed them on the
server. I can see the certificate under the Personal folder but it
shows as marrian.com whereas perhaps I need to get it reissued as
remote.marrian.com? Also following instructions, I ran this command in
the Exchange Management Shell window: Import-ExchangeCertificate -Path
C:\marrian.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP,
POP, IIS". This command asked me if it was OK that this certificate
took precedence and I said yes. I was then instructed to delete the
self-signed certificate which I did

Now very little works (even after running the wizards below). None of
the PDAs we use will sync with Exchange and my desktop Outlook
continually prompts for a password

I re-ran the set up your internet address wizard which says that it
cannot configure Exchange Email. Running the Fix My Network wizard
does not fix this message although it does put back the self-signed
certificate

How do I back out of this mess please?
 

My Computer

J

Jim Behning SBS MVP

#2
If you are working with SBS 2008 there is a wizard to create a
certificate request and there is a wizard to import the certificate
into the SBS which includes Exchange. I have never run a script to
import a certificate into Exchange 2007.

On Thu, 25 Mar 2010 04:21:06 -0700 (PDT), anthony
<anthony.marrian@newsgroup> wrote:

>I've bought a GlobalSign certificate described as "Organization
>ServerSign with SAN" for marrian.com (my internet domain). The email
>delivering the certificate included text for the "SSL" certificate and
>text for the "OrganizationSSL Root" certificate. Following
>instructions, I created two crt files and installed them on the
>server. I can see the certificate under the Personal folder but it
>shows as marrian.com whereas perhaps I need to get it reissued as
>remote.marrian.com? Also following instructions, I ran this command in
>the Exchange Management Shell window: Import-ExchangeCertificate -Path
>C:\marrian.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP,
>POP, IIS". This command asked me if it was OK that this certificate
>took precedence and I said yes. I was then instructed to delete the
>self-signed certificate which I did
>
>Now very little works (even after running the wizards below). None of
>the PDAs we use will sync with Exchange and my desktop Outlook
>continually prompts for a password
>
>I re-ran the set up your internet address wizard which says that it
>cannot configure Exchange Email. Running the Fix My Network wizard
>does not fix this message although it does put back the self-signed
>certificate
>
>How do I back out of this mess please?
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
 

My Computer

A

anthony

#3
On Mar 25, 12:45 pm, Jim Behning SBS MVP
<jimbehn...@newsgroup> wrote:

> If you are working with SBS 2008 there is a wizard to create a
> certificate request and there is a wizard to import the certificate
> into the SBS which includes Exchange. I have never run a script to
> import a certificate into Exchange 2007.
>
> On Thu, 25 Mar 2010 04:21:06 -0700 (PDT), anthony
>
>
>
> <anthony.marr...@newsgroup> wrote:

> >I've bought a GlobalSign certificate described as "Organization
> >ServerSign with SAN" for marrian.com (my internet domain). The email
> >delivering the certificate included text for the "SSL" certificate and
> >text for the "OrganizationSSL Root" certificate. Following
> >instructions, I created two crt files and installed them on the
> >server. I can see the certificate under the Personal folder but it
> >shows as marrian.com whereas perhaps I need to get it reissued as
> >remote.marrian.com? Also following instructions, I ran this command in
> >the Exchange Management Shell window: Import-ExchangeCertificate -Path
> >C:\marrian.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP,
> >POP, IIS". This command asked me if it was OK that this certificate
> >took precedence and I said yes. I was then instructed to delete the
> >self-signed certificate which I did
>

> >Now very little works (even after running the wizards below). None of
> >the PDAs we use will sync with Exchange and my desktop Outlook
> >continually prompts for a password
>

> >I re-ran the set up your internet address wizard which says that it
> >cannot configure Exchange Email. Running the Fix My Network wizard
> >does not fix this message although it does put back the self-signed
> >certificate
>

> >How do I back out of this mess please?
>
> See what SBS support is working onhttp://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzerhttp://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
I had tried the import wizard and fed it the certificate text but it
didn't like it. However, I've now sent GlobalSign the certificate
request and asked them to reissue the certificate based on it. Maybe
the new certificate will go in cleanly. In the meantime, I'm
hanging...

Many thanks - Anthony
 

My Computer

J

Jim Behning SBS MVP

#4
On Thu, 25 Mar 2010 05:59:05 -0700 (PDT), anthony
<anthony.marrian@newsgroup> wrote:

>On Mar 25, 12:45 pm, Jim Behning SBS MVP
><jimbehn...@newsgroup> wrote:

>> If you are working with SBS 2008 there is a wizard to create a
>> certificate request and there is a wizard to import the certificate
>> into the SBS which includes Exchange. I have never run a script to
>> import a certificate into Exchange 2007.
>>
>> On Thu, 25 Mar 2010 04:21:06 -0700 (PDT), anthony
>>
>>
>>
>> <anthony.marr...@newsgroup> wrote:

>> >I've bought a GlobalSign certificate described as "Organization
>> >ServerSign with SAN" for marrian.com (my internet domain). The email
>> >delivering the certificate included text for the "SSL" certificate and
>> >text for the "OrganizationSSL Root" certificate. Following
>> >instructions, I created two crt files and installed them on the
>> >server. I can see the certificate under the Personal folder but it
>> >shows as marrian.com whereas perhaps I need to get it reissued as
>> >remote.marrian.com? Also following instructions, I ran this command in
>> >the Exchange Management Shell window: Import-ExchangeCertificate -Path
>> >C:\marrian.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP,
>> >POP, IIS". This command asked me if it was OK that this certificate
>> >took precedence and I said yes. I was then instructed to delete the
>> >self-signed certificate which I did
>>

>> >Now very little works (even after running the wizards below). None of
>> >the PDAs we use will sync with Exchange and my desktop Outlook
>> >continually prompts for a password
>>

>> >I re-ran the set up your internet address wizard which says that it
>> >cannot configure Exchange Email. Running the Fix My Network wizard
>> >does not fix this message although it does put back the self-signed
>> >certificate
>>

>> >How do I back out of this mess please?
>>
>> See what SBS support is working onhttp://blogs.technet.com/sbs/default.aspx
>> Check your SBS with the SBS Best Practices Analyzerhttp://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
>
>I had tried the import wizard and fed it the certificate text but it
>didn't like it. However, I've now sent GlobalSign the certificate
>request and asked them to reissue the certificate based on it. Maybe
>the new certificate will go in cleanly. In the meantime, I'm
>hanging...
>
>Many thanks - Anthony
I have done a few meaning at least three and all were from GoDaddy.
They imported without issue. Smart phones and
remote.realworldcompany.com worked fine.
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
 

My Computer

A

anthony

#5
Does anybody know what names need to be covered by a SAN certificate?
My supplier has covered:

autodiscover.internetdomain.com
mail.internetdomain.com
owa.internetdomain.com
sbsserver
sbsserver.sbsdomain.lan

Are all these necessary?
 

My Computer

J

Jim Behning SBS MVP

#6
Do you need a san cert? I just buy a cert for remote.companyname.com
as I only have one server my accounts need to get to.

On Thu, 25 Mar 2010 10:08:08 -0700 (PDT), anthony
<anthony.marrian@newsgroup> wrote:

>Does anybody know what names need to be covered by a SAN certificate?
>My supplier has covered:
>
>autodiscover.internetdomain.com
>mail.internetdomain.com
>owa.internetdomain.com
>sbsserver
>sbsserver.sbsdomain.lan
>
>Are all these necessary?
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
 

My Computer

Users Who Are Viewing This Thread (Users: 1, Guests: 0)