Announcement

Collapse
No announcement yet.

SBS 2008: How to renew self-signed "Sites" certificate?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS 2008: How to renew self-signed "Sites" certificate?

    My SBS 2008 server recently started generating event 64 applog warnings for source Microsoft-Windows-CertificateServicesClient-AutoEnrollment, saying
    "Certificate for local system with Thumbprint [...] is about to expire or already expired."

    When I open the Certificates MMC for the local system, under Personal -> Certificates I see a "Sites" certificate that expires in a couple weeks (exactly 1 year after the server was installed) and with the same thumbprint as the event log warning mentions. The details for the cert show it was signed by "[domain]-[server]-CA" i.e., a self-signed cert.

    But if I try to renew this cert via the Certificates MMC I'm told I can only request "Web Server" certificates, which aren't available.

    So how do I renew this "Sites" certificate, and why does it expire only a year after creation?

    TIA!

    P.S. This is shown as a "Server Authentication" cert -- what is it used for?
    Last edited by jw113; 12th December 2011, 10:25. Reason: Add P.S.

  • #2
    Re: SBS 2008: How to renew self-signed "Sites" certificate?

    You use it for remote access to e.g. "remote.myDomain.com". Have you googled this renewal issue?

    Comment


    • #3
      Re: SBS 2008: How to renew self-signed "Sites" certificate?

      Re-run the connect to the internet wizard and it should generate a new one for another year.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Re: SBS 2008: How to renew self-signed "Sites" certificate?

        (Sorry for the delay in following-up...)

        Originally posted by cruachan View Post
        Re-run the connect to the internet wizard and it should generate a new one for another year.
        I tried this, but it saw that there was already an internet connection and offered other broadband options that didn't apply.

        I'd also tried the Fix My Network wizard, but this didn't generate a new Sites certificate.

        Digging a little deeper, I eventually realized that when I'd (some months ago) replaced the Exchange cert with a different self-signed one (to avoid cert warnings for external SMTP and POP3 users), this new cert had also replaced the "Sites" one for IIS, e.g., for remote.[domain] URLs.

        When the Sites cert expired on Dec 30 there were no problems, so I exported it and deleted it, and the auto-enrollment events stopped.

        I'll have to assume that my inadvertent replacement of the Sites cert prevented it from being renewed (either automatically or by Fix My Network).

        Comment

        Working...
        X