Announcement

Collapse
No announcement yet.

Install existing GoDaddy SSL Certificate into SBS 2011

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Install existing GoDaddy SSL Certificate into SBS 2011

    Hey All,

    This weekend I set up a new SBS 2011 server which all went fine. I am yet to get my head around the SSL certificate though.

    We already have a standard SSL certificate from GoDaddy which we used with the old SBS 2003 server which I want to carry on using (still has 18 months until expiry). However I can't seem to find any guides telling me how I can "reuse" this certificate.

    Can any help?

    Cheers

  • #2
    Re: Install existing GoDaddy SSL Certificate into SBS 2011

    Generally, you can apply for a re-issue of the certificate and send them a new CSR. However, it depends on your SSL licensing. Does it cover you for mutliple servers? Furthermore, are the SANs within the SSL certificate relevant for the newer version?

    Comment


    • #3
      Re: Install existing GoDaddy SSL Certificate into SBS 2011

      Thank you for the quick response - I really appreciate it.

      Nope, it's a single name SSL from GoDaddy (Standard SSL i think they call it). Yes, i made sure to run the connect to internet wizard with the same settings as the old server (ie portal.domain.com instead of the usual remote.domain.com to match the SSL)

      Am i right in thinking the process is:
      * ReKey Godaddy SSL (http://support.godaddy.com/help/arti...sl-certificate)
      * Install new certificate
      * Run Trusted Certificate Wizard in SBS to distribute SSL?

      Do I use the Trusted Certificate Wizard to generate the CSR (or use the standard IIS7 method - http://support.godaddy.com/help/arti...crosoft-iis7)?

      Cheers

      EDIT: OR (after just having a further read), do i just need to export it and reimport it?!
      Last edited by Major_Disaster; 18th June 2012, 15:19.

      Comment


      • #4
        Re: Install existing GoDaddy SSL Certificate into SBS 2011

        For Exchange 2010 you need a SAN certificate
        GoDaddy allow 5 names so normally go for:
        remote.domain.com
        autodiscover.domain.com
        server (netbios name)
        server.domain.local (fqdn)

        Since it is SBS, AFAIK only the first two are needed

        Use the Exchange certificate request or the SBS wizard -- NOT IIS7
        http://technet.microsoft.com/en-us/l.../cc546059.aspx
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Install existing GoDaddy SSL Certificate into SBS 2011

          For SBS 2011 to accept the SSL certificate, the common name must match the name that you have configured in SBS - by default this is remote.example.com. If it does not, then SBS will not use that certificate.

          Furthermore, to use a single name SSL certificate, your external DNS host MUST support SRV records, if it does not then you cannot use a single name SSL certificate. This is because of autodiscover.

          The usual method though is to do the SSL request through the Exchange wizard. Once the wizard has completed, do not enable any services. Instead go in to the SBS certificate wizard, select to use an existing certificate and choose the certificate that you have just installed through Exchange. SBS will then ensure that it is installed correctly.

          http://exchange.sembee.info/2010/ins...sl-sbs2011.asp

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X