Re: Troubles with Microsoft Sharepoint Administration

I am a bit unclear on one last piece of the puzzle.

As you indicate, the CEICW cannot import the godaddy cert. This is as
expected.

The CEICW wizard is designed to generate a self-signed cert which (and if I
understand the SBS instructions that come with the installation of ISA 2004)
is replaced by exporting the godaddy to a pfx file and subsequently importing
it to the default web site after running the CEICW the first time and
allowing it to create the publishing.mydomain.com certificate. (that is, if
I have understood the ISA 2004 installations instructions correctly and
perhaps not as indicated below, this contradicts what you've said below)

Once the cert is in place leave it alone because the physical import of the
GoDaddy cert took care of this before the CEICW ever ran. (Maybe I should
not import the pfx using CEICW?) The default.aspx part seems to be working
fine for me with the exceptions of now being able to reach companyweb
directly. [Listed below as (4)] And of course, make sure the ISA listener
is using the GoDaddy certificate. It looks to me like the web listener and
the companyweb listener are listening to ALL the certificates... both
self-signed and godaddy. It doesn't appear that I can remove them.

The company web is the same ip address except that instead of tcp 443, it
responds to UDP. Given it is the same ip address and an alias for the
Default Web site, is it also the case that the cert must be replaced for this
site as well or does it require a second certificate.

I ask because it appears to be the one part of all this that doesn't work.
I cannot authenticate to companyweb. It asks but refuses authentication
unless the full url is listed in which case the authentication is not
requested but the certificate is listed as untrusted.

Seems as though the same problem exists even if I import the pfx as was done
with the tcp 443 ssl default web site.

When I run the ssl diagnotstics there an error stating that the servier
certificate is not valid for the requested usage.

Oddly, I can log in to the site if I use
https://www.mydomain.com:444/default.aspx from a client machine or from the
PDC using https://PDCName:444/default.aspx

I am still missing something here. I think I am a bit unclear on the part
(3) relisted below that suggests undoing the assignment of godaddy from the
ceicw and replace with the publishing.mydomain.com cert generated initially
by the ceicw just not using the ceicw to do so and making sure the ISA only
uses the GoDaddy cert.
--
Regards,
Jamie
(1)
You should now specify "Do not change certificate" in the CEICW any time
you use it.
<snip>
(2)
Note that the Default WebSite is supposed to finish with the original
internal certificate on it because it's really ISA that needs the genuine
one, not IIS (when you're running ISA).
<snip>
(3)
So you'll need to revert IIS to the Publishing.<ad>.local certificate
(remove certificate, assign existing and pick Publishing).

<snip>
(4)
Because the CEICW is expecting to complete the certificate installation
process in IIS, which requires IIS to be at the "I've generated a CSR and
am waiting for the CRT/CER to be installed" stage, and you've completed
the install manually.
<snip>
(5)
As long as that's a name that exists publically (ie
something.yourdomain.com, not something.activedirectory.local), you're
good. Unless of course, it will clash with another publically accessible
site you plan to have (hosted outside) later.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net

.

Relevant Pages

  • Re: GoDaddy Cert and SBS 2003 Issues
    ... I did install the intermediate GoDaddy certs. ... I did this according to the GoDaddy instructions, which is pretty much as the SBS guide mentions that you advised. ... Unfortunately, I've followed all of the notes, but I still cannot "see" the new GoDaddy cert when browsing in ISA. ... The only thing that I have noticed is that when I open my new GoDaddy certificate, I don't see the "You have a private key that corresponds to this certificate" at the bottom as I believe I should. ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to install Godaddy cert on SBS R2 Standard box
    ... Do the GoDaddy Turbo SSL certs work with SBS 2003 to allow access to ... "Please create a new request,and request for a new certificate ... waiting for the cert which arrived within seconds of the request. ...
    (microsoft.public.windows.server.sbs)
  • RE: CEICW after loading third party certificate
    ... Organization on Cert is www.mydomain.com" ... The name of the certificate attached to the SBS Outlook via the Internet Web ... "Error Code: 500 Internal Server Error. ... The purchased certificate has an OU name "www.mydomain.com" and the CEICW ...
    (microsoft.public.windows.server.sbs)
  • RE: Multiple Certificates On SBS
    ... The default website/directory security/view cert in IIS shows a cert ... When we run CEICW (server Management console -> Configuration ... certificate created that is located in default website. ...
    (microsoft.public.windows.server.sbs)
  • RE: Cant add GoDaddy Cert to site
    ... Knowing this cert is for the RWW, OWA, etc, found the RWW web listener and ... was able to attach the GoDaddy cert there. ... No certificate has been requested for the default web site in Internet ... if I go back to godaddy and try to request a recreate of the ...
    (microsoft.public.windows.server.sbs)
Loading