Certificate issues ... very confused !!

    Hi - I am hoping you can help here as I am totally confused.

    We have a 2012 domain (abc.local) and our main domain is have recently purchased a UCC cert for with SAN (subject alternative names) for,, and

    Server1 is our Exchange 2012 box and I found the commands to run so it changes the virtual directories and makes the IIS/Computer accept a certificate .. this has been installed and now when people connect to via the internet the certificate replies as OK even though it is called

    Externally it also is named as .. but again as I ran the commands to change the virtual directories etc.. it still replies as OK as this server is a SAN.

    My problem is with TS and DC ... these servers do not have IIS installed and just have the standard certificate services installed - I have imported the full certificate (private and public key) into the certificate store but if I try and connect to then it replies the certificate is not valid etc..

    Ideally I don't want to install IIS on the DC and the TS, as there is no need (the TS is just for me to connect remotely) .. but if I have to for simplicity then I will.

    I suppose my question is ... how can I get my cert to work correctly on my machine?

    If I install IIS .. what do I have to do to reconfigure it so it accepts the cert .. is there a script or similar available like the ones I ran against the Exchange server? (Also, what are the minimum components I need to install on a 2012 R2 box?)

    If I don't have to install IIS ... how can I do what I want?

    I hope I have explained the situation .. and any suggestions would be very helpful and much appreciated.

  • #2
    Did you use the Exchange wizard to request the certificate?
    If not, you are likely to have problems

    Note IIS will already be installed as part of the Exchange 2013 CAS role - no need to configure it
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Yes the certificate on the exchange server (server1) works fine.
      The problem is with the other non exchange servers


      • #4
        Not sure I understand fully what you are trying to do. What services are you publishing that require the certificate?

        I'm assuming TS is a Terminal Server (Or to be correct, Remote Desktop Services since 2008 R2), in which case you need to import the certificate in the RD Gateway snap-in.

        DC would normally be a Domain Controller, why would you be accessing that through a routable URL?
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog
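
The name check this thread turns on, as an added example that is not part of any post: a client compares the name it connected with against the certificate's SAN entries, not against the Windows computer name. The host names and SAN list below are constructed placeholders, and the matching follows the usual RFC 6125 rules (exact match, or a wildcard covering one left-most label).

```python
# Added example: which of the names clients actually use are covered by a
# certificate's SAN list. All names here are constructed, not from the thread.

def label_match(pattern: str, host: str) -> bool:
    """Compare one SAN dNSName entry with the name the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label and sit above a real domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_names(san_dns, names_clients_use):
    """Map every name clients connect with to the SAN entry covering it, or None."""
    return {
        name: next((s for s in san_dns if label_match(s, name)), None)
        for name in names_clients_use
    }


def uncovered(san_dns, names_clients_use):
    """Names that will produce a certificate name-mismatch warning."""
    hits = check_names(san_dns, names_clients_use)
    return sorted(n for n, san in hits.items() if san is None)


# Constructed SAN list of a UCC certificate holding public names only.
UCC_SANS = ["mail.example.com", "autodiscover.example.com", "remote.example.com"]

# Constructed names typed into clients: two public names, one internal FQDN,
# one short NetBIOS-style name.
CLIENT_NAMES = ["mail.example.com", "remote.example.com", "ts01.corp.local", "TS01"]

if __name__ == "__main__":
    for name, san in check_names(UCC_SANS, CLIENT_NAMES).items():
        verdict = f"OK via {san}" if san else "NAME MISMATCH"
        print(f"{name:24} {verdict}")
```

A server named `ts01.corp.local` passes this check as long as clients reach it as `remote.example.com` and the service presents this certificate; connecting by the internal name fails regardless of what is in the certificate store.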


        • #5
          The server names were just examples - in essence there are a number of servers (not web servers and not all terminal servers) which face the internet and as a result the SSL needs to match the server name.
          In this case as the cert was issued to and the server is called servername.local ... they obviously do not match
          Tricking the Exchange server using the scripts from GoDaddy was simple - I didn't have to rename the server (it's still called email.local but the certificate works as