Certificate Installation: Microsoft SBS 2008 Print

  • 468

The steps described below should provide detailed steps, specific for SBS 2008:

  1. In your Windows SBS Console on the server, navigate to the Network tab and the Connectivity sub-tab and launch the Add a Trusted Certificate connectivity task
  2. Click Next on the welcome screen and choose I want to buy a certificate from a certificate provider and click Next.
  3. Verify this information is correct.  This information will be encoded in the request to the certificate provider, and cannot be changed without buying a new certificate.  Additionally for some certificate requests this information could be used to contact you to validate the ownership of the domain name.  Then click Next.
  4. Once you get to the screen below, you are now going to deal with only the certificate provider, with the encoded certificate request shown in the gray box.  Since most providers have you paste this into a web browser, you should click the Copy button to place this into your clipboard.

    IMPORTANT: It’s important not to click back or next-back on this page, as it will re-generate a new encoded string, which will not match the request you make to your cert provider.

  5. Once the encoded string is copied safely (paste it into Notepad so you don’t loose it during the process), close the Trusted Certificate wizard for now to get it out of the way and prevent errors now that we have that encoded text in the clipboard (and hopefully in Notepad).  Click Next and then select My certificate provider needs more time to process the request, and click Next again, the wizard will show a warning that it could not import the certificate into Remote Web Workplace.
    1. You will also notice after you click Finish, that the console now shows Request Submitted and you have an option to Remove this Certificate, which we don’t want to do unless we want to go back to the beginning.
  6. At this point, go to your provider`s website and follow the instructions for purchasing a certificate.  The provider will most likely ask you to purchase the certificate before they collect the certificate information (encoded text above) from you. Make sure you select Microsoft IIS after you insert your CSR, so that the certificate is generated for your purpose.
  7. One thing to note here is there are two things to download, the signed certificate itself, and the intermediate certificates which must also be installed on the website.
  8. You should see IIS Installation Instructions link to open up the installation instructions and CA Bundle via MMC.  It’s important to use these instructions for installing the Intermediate Certificate Bundle.  You can follow the Installing the SSL certificate steps as well, but it will change the flow through the Trusted Certificate wizard shown later in this instruction set.
    1. So follow the steps, but use them for SBS 2008 here for you as well!
      1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC). Agree to the UAC prompt
      2. In the Management Console, select File; then “Add/Remove Snap In.”
      3. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
      4. Choose Computer Account; then click Next and Finish.
      5. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
      6. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
      7. Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
      8. Follow the wizard prompts to complete the installation procedure.
      9. Click Browse to locate the certificate file (gd_iis_intermediates.p7b). You’ll have to change the file filter at the bottom right to PKCS #7 Certificates.
      10. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
      11. Click Finish.
  9. Once this is imported, we can go back to the Trusted Certificate wizard in the product
    1. Click Add a Trusted Certificate in the console to re-launch the wizard if you closed it (as recommended above), and click Next on the welcome page.
    2. Click I have a certificate from my certificate provider and click Next.
    3. Since GlobeSSL provided a file, browse to the file (alternatively if the provider gave back encoded text, that could be pasted into the wizard too) that matches my domain name, in this case, remote.seandaniel.net. and clicking Next.

    4. You’re finally done, click Finished!  Now remote clients will get the benefit of a trusted certificate, and the console reports Trusted as the certificate type.
  10. It’s important to use the Trusted Certificate wizard for the last step, to ensure that the certificate is bound to the correct IIS website, as well as TSGateway for remote desktop access.  If you followed all the steps from GlobeSSL to install the certificate, simply run the Trusted Certificate wizard and choosI want to replace the existing certificate with a new one, and you’ll get shown the trusted certificate and the self-issued certificate for your domain name, just choose the appropriate one based on the type and the expiration date:
  11. On a final note, renewing your certificate after the year, just click that Add a Trusted Certificate link in the console but this time through choose I want to renew my current trusted certificate with the same provider, and follow the instructions!


Was this answer helpful?

« Back