RE: Web Certificate for IIS Server on SBS Domain

Hello Bryan,

Thank you for posting to the SBS Newsgroup.

I understand that you want to know whether it is necessary to install CA on
the SBS 2K3 server for a web application on member server. If I have
misunderstood your concern, please let me know.

Please see my answers for your questions below:

Q: I've never installed Certificate Services on the SBS because I haven't
needed to. Will that be necessary in order for the IIS server to request a
certificate of the SBS server?

A: No, you need to install Certificate Service on SBS Server.

Q: Will installing Certificate Services mess up my existing configuration
in any way?

A: No, it will not mess up your existing configuration.

Q: Do I need to install Certificate Services on the SBS, or can it be
installed on the IIS server? Would I get the same results either way, and
is there a best practice?

A: You do not need to install Certificate Service either on the SBS or IIS
server.

You can install Certificate Services from Add/Remove Windows Components,
but it is not necessary, and you may meet unpredictable issues and it will
consume your server resource if you really want to install it.

You can create a certificate by running the CEICW (Configure E-mail and
Internet Connection Wizard) which the certificate is signed by your SBS
server, or you can obtain your own certificate signed by a commercial CA.

I assume that you have run the CEICW before. In this case, the certificate
is generated at the time you are running CEICW.

a. Expand to Server Management\To Do List\Connect to the Internet.

b. Run Configure E-mail and Internet Connection Wizard.

c. Proceed to the page of Web Server Certificate.

Create a new Web Server Certificate: Click to create a self-signed
certificate and then type the FQDN of your SBS server that is used to
access your server.

Use a Web Server Certificate from a trusted authority: Click to use a
certificate obtained from a trusted authority, and then click Browse to
locate the certificate. If you do not have an existing certificate from a
trusted authority but would like to obtain one, you must create a
certificate request using the Web Server Certificate Wizard in Internet
Information Services (IIS). To do so, please see step d.

d. Expand to Internet Information Services\Yourdomain\Web Sites\Default Web
Site. Right click Default Web Site, select Properties, Directory Security
tab. Click Server Certificate. Run Web Server Certificate Wizard.

Hope this information helps. If anything is unclear, please feel free to
let me know. I am looking forward to hearing from you!


Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
>From: "Bryan L" <blinton.nospam@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Web Certificate for IIS Server on SBS Domain
>Date: Mon, 12 Sep 2005 17:03:06 -0500
>Lines: 30
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <eiBqCX#tFHA.3252@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: connellinsurance.com 66.76.216.32
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:152740
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I have configured a certificate on my SBS for use with RWW, OWA, OMA, and
>RPC over HTTP. I've never had any trouble with it.
>
>I'm now setting up a web application on a new IIS server on my domain and
I
>want to secure all connections with a self-issued certificate, since I
want
>to give my users access to it across the internet. Since the certificate
>and DNS names need to match, I presume I need to set up another cert
>specifically for use by that server. I've set up 1:1 NAT and a public DNS
>record for the server. I just have a few questions:
>
>I've never installed Certificate Services on the SBS because I haven't
>needed to. Will that be necessary in order for the IIS server to request a
>certificate of the SBS server?
>
>Will installing Certificate Services mess up my existing configuration in
>any way?
>
>Do I need to install Certificate Services on the SBS, or can it be
installed
>on the IIS server? Would I get the same results either way, and is there
a
>best practice?
>
>Just looking to clearly understand my options, and the logical process of
>what I need to do.
>
>Thanks in advance!
>
>Bryan
>
>
>
>

.

Relevant Pages

  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • RE: ActiveSync and T-Mobile Treo 650
    ... Thank you for posting in the SBS newsgroup. ... Generally, to publish ActiveSync, you just need to run the CEICW and enable ... Method 2 - Replace your Exchange Web Publishing rule with a Server ... new certificate on the Exchange server to match the new url being used to ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook RPC over HTTp deosnt work
    ... Certificate, click Install Certificate, and then follow the instructions. ... when you try to use RPC over HTTP to connect the Exchange Server. ... In SBS 2003, we don't have to manually configure RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook RPC over HTTp deosnt work
    ... Certificate, click Install Certificate, and then follow the instructions. ... when you try to use RPC over HTTP to connect the Exchange Server. ... In SBS 2003, we don't have to manually configure RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Certifcate reset error - Need for mobile device connect
    ... That is why I am thinking of revoking the current GoDaddy certificate and removing the certificate from default and requesting a new one. ... Have you installed the GoDaddy cert on the SBS box yet yet? ... What I am trying to accopmlish is to have my SBS exchange server synch wireless with a Motorola Q phone. ... Manager packet from the SBS 2003 server to recreate the VPN connection. ...
    (microsoft.public.windows.server.sbs)