From: anthony on 28 Mar 2010 06:52

As I know nothing about certificates, I went to a supplier (telling them this was SBS 2008) who gave me advice, suggested I use their website utility to create a CSR and sold me a GlobalSign SAN SSL certificate. I hadn't appreciated that the certificate wizard generates a perfectly good CSR all on its own. I now discover that their advice to use my internet domain name (as in mydomain.com) as the common name is wrong because the SBS wizard defaults to remote.mydomain.com (which is what I want). At first they said I'd need to pay for another certificate. Then they said they had added remote.mydomain.com to the list and I should reissue the CSR again with the common name of mydomain.com (as before) so they could reissue the certificate. I don't see how issuing a CSR with the common name as mydomain.com in order to receive a certificate which has remote.mydomain.com in its list is going to help because the wizard is still going to set everything up as mydomain.com and not remote.mydomain.com. What should I do?

From: Jim Behning SBS MVP on 28 Mar 2010 10:52

On Sun, 28 Mar 2010 03:52:44 -0700 (PDT), anthony <anthony.marrian(a)gmail.com> wrote:

>As I know nothing about certificates, I went to a supplier (telling
>them this was SBS 2008) who gave me advice, suggested I use their
>website utility to create a CSR and sold me a GlobalSign SAN SSL
>certificate. I hadn't appreciated that the certificate wizard
>generates a perfectly good CSR all on its own. I now discover that
>their advice to use my internet domain name (as in mydomain.com) as
>the common name is wrong because the SBS wizard defaults to
>remote.mydomain.com (which is what I want). At first they said I'd
>need to pay for another certificate. Then they said they had added
>remote.mydomain.com to the list and I should reissue the CSR again
>with the common name of mydomain.com (as before) so they could reissue
>the certificate. I don't see how issuing a CSR with the common name as
>mydomain.com in order to receive a certificate which has
>remote.mydomain.com in its list is going to help because the wizard is
>still going to set everything up as mydomain.com and not
>remote.mydomain.com. What should I do?

I have screwed up at GoDaddy before. They had a wizard to let me request a new certificate properly configured with correct name. If the supplier you are using will not help maybe you can do a freeze on your credit card?

See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx

From: anthony on 28 Mar 2010 12:02

On Mar 28, 3:52 pm, Jim Behning SBS MVP <jimbehn...(a)doesthisblockpork.mindspring.com> wrote:

> On Sun, 28 Mar 2010 03:52:44 -0700 (PDT), anthony <anthony.marr...(a)gmail.com> wrote:
> >As I know nothing about certificates, I went to a supplier (telling
> >them this was SBS 2008) who gave me advice, suggested I use their
> >website utility to create a CSR and sold me a GlobalSign SAN SSL
> >certificate. I hadn't appreciated that the certificate wizard
> >generates a perfectly good CSR all on its own. I now discover that
> >their advice to use my internet domain name (as in mydomain.com) as
> >the common name is wrong because the SBS wizard defaults to
> >remote.mydomain.com (which is what I want). At first they said I'd
> >need to pay for another certificate. Then they said they had added
> >remote.mydomain.com to the list and I should reissue the CSR again
> >with the common name of mydomain.com (as before) so they could reissue
> >the certificate. I don't see how issuing a CSR with the common name as
> >mydomain.com in order to receive a certificate which has
> >remote.mydomain.com in its list is going to help because the wizard is
> >still going to set everything up as mydomain.com and not
> >remote.mydomain.com. What should I do?
>
> I have screwed up at GoDaddy before. They had a wizard to let me
> request a new certificate properly configured with correct name. If
> the supplier you are using will not help maybe you can do a freeze on
> your credit card?
> See what SBS support is working on http://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzer http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx

Payment went through a long time ago. I had in mind to run the wizard and remove the "remote" option. This gives GlobalSign what they want and I get a certificate which apparently includes remote.mydomain.com as one of the SANs. Then run the wizard again: this time with the "remote" option ticked and offer up the certificate. What worries me is this private key business. Is it different every time the wizard is run and does the certificate issuer need to know what it is? If so, I think I've wasted quite a lot of money.

From: Andrew M. Saucci, Jr. on 28 Mar 2010 14:12

You don't HAVE to use remote.whatever.com; it's just a default and a convention. I used "mail.whatever.com" as my inbound access convention for years with SBS 2003-- saved me the trouble of having a second A record pointing to the same address. I'm sure the wizard will let you use "whatever.com" for remote access if that's easier and saves the trouble of getting a new certificate. It just requires an A record pointing to the top of whatever.com (usually a blank host name in the DNS configuration). It would mean that someone putting "whatever.com" into a web browser would go to the SBS and not an externally hosted web site. For that, www.whatever.com would become necessary. That may be a bit of a price to pay, assuming that the domain has a public web site associated with it; lots of people don't type "www" before a domain name. If the domain has no public web site, no problem.

"anthony" <anthony.marrian(a)gmail.com> wrote in message news:cb78f281-6baf-4e09-a095-eb9379cca962(a)j21g2000yqh.googlegroups.com...

> As I know nothing about certificates, I went to a supplier (telling
> them this was SBS 2008) who gave me advice, suggested I use their
> website utility to create a CSR and sold me a GlobalSign SAN SSL
> certificate. I hadn't appreciated that the certificate wizard
> generates a perfectly good CSR all on its own. I now discover that
> their advice to use my internet domain name (as in mydomain.com) as
> the common name is wrong because the SBS wizard defaults to
> remote.mydomain.com (which is what I want). At first they said I'd
> need to pay for another certificate. Then they said they had added
> remote.mydomain.com to the list and I should reissue the CSR again
> with the common name of mydomain.com (as before) so they could reissue
> the certificate. I don't see how issuing a CSR with the common name as
> mydomain.com in order to receive a certificate which has
> remote.mydomain.com in its list is going to help because the wizard is
> still going to set everything up as mydomain.com and not
> remote.mydomain.com. What should I do?

From: anthony on 28 Mar 2010 15:57

On Mar 28, 7:12 pm, "Andrew M. Saucci, Jr." <spam-o...(a)2000computer.local> wrote:

> You don't HAVE to use remote.whatever.com; it's just a default and
> a convention. I used "mail.whatever.com" as my inbound access convention for
> years with SBS 2003-- saved me the trouble of having a second A record
> pointing to the same address. I'm sure the wizard will let you use
> "whatever.com" for remote access if that's easier and saves the trouble of
> getting a new certificate. It just requires an A record pointing to the top
> of whatever.com (usually a blank host name in the DNS configuration). It
> would mean that someone putting "whatever.com" into a web browser would go
> to the SBS and not an externally hosted web site. For that, www.whatever.com
> would become necessary. That may be a bit of a price to pay, assuming that
> the domain has a public web site associated with it; lots of people don't
> type "www" before a domain name. If the domain has no public web site, no
> problem.
>
> "anthony" <anthony.marr...(a)gmail.com> wrote in message
>
> news:cb78f281-6baf-4e09-a095-eb9379cca962(a)j21g2000yqh.googlegroups.com...
>
> > As I know nothing about certificates, I went to a supplier (telling
> > them this was SBS 2008) who gave me advice, suggested I use their
> > website utility to create a CSR and sold me a GlobalSign SAN SSL
> > certificate. I hadn't appreciated that the certificate wizard
> > generates a perfectly good CSR all on its own. I now discover that
> > their advice to use my internet domain name (as in mydomain.com) as
> > the common name is wrong because the SBS wizard defaults to
> > remote.mydomain.com (which is what I want). At first they said I'd
> > need to pay for another certificate. Then they said they had added
> > remote.mydomain.com to the list and I should reissue the CSR again
> > with the common name of mydomain.com (as before) so they could reissue
> > the certificate. I don't see how issuing a CSR with the common name as
> > mydomain.com in order to receive a certificate which has
> > remote.mydomain.com in its list is going to help because the wizard is
> > still going to set everything up as mydomain.com and not
> > remote.mydomain.com. What should I do?

There is a public site and although I agree with you about the feasibility of dispensing with remote, I'd rather stick to the SBS conventions. Also quite a lot of stuff is set up for remote.mydomain.com (but on the self-certified certificate), or it was until I broke it by running "Import-ExchangeCertificate -Path C:\mydomain.com.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"". I'm now trying to figure out whether I can avoid a support call to MS. I'm hoping that a proper certificate added via the wizard followed by the Fix my Network wizard (which currently fails on the Exchange portion) will restore matters.
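
Added example, not part of the thread and not from any poster: a PowerShell check, relevant to the private-key question and to the Import-ExchangeCertificate step above, that lists each certificate in the server's machine store and reports whether it covers a given host name (common name or SAN entry) and whether its private key is present on this machine. A CSR carries only the public key; the private key stays where the CSR was generated and is never sent to the issuer. The function name Test-CertificateForHost is hypothetical, and remote.mydomain.com is the placeholder name used in the thread.

```powershell
# Added example (not from the thread). Run in PowerShell on the server.
# Test-CertificateForHost is a hypothetical helper name.
function Test-CertificateForHost {
    param([string]$HostName, [string]$Store = 'Cert:\LocalMachine\My')

    $wanted = $HostName.ToLower()
    Get-ChildItem $Store | ForEach-Object {
        $cert = $_

        # Start with the subject's common name, then add every SAN entry.
        $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $names = @($cert.GetNameInfo($simple, $false).ToLower())

        # The Subject Alternative Name extension is OID 2.5.29.17.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            # Windows formats it as "DNS Name=a, DNS Name=b" (label is localized),
            # so keep only the text after '=' in each comma-separated entry.
            foreach ($entry in $san.Format($false).Split(',')) {
                $i = $entry.IndexOf('=')
                if ($i -ge 0) { $names += $entry.Substring($i + 1).Trim().ToLower() }
            }
        }

        $covers = $false
        foreach ($n in $names) {
            if ($n -eq $wanted) { $covers = $true }
            elseif ($n.StartsWith('*.') -and $wanted.IndexOf('.') -gt 0 -and
                    $wanted.Substring($wanted.IndexOf('.')) -eq $n.Substring(1)) {
                # A wildcard name covers exactly one label to the left.
                $covers = $true
            }
        }

        # HasPrivateKey is False when the matching key is not in this store,
        # for example because the CSR was generated on another system.
        $cert | Select-Object Thumbprint, NotAfter, HasPrivateKey,
            @{ Name = 'CoversHost'; Expression = { $covers } },
            @{ Name = 'Names'; Expression = { [string]::Join(', ', $names) } }
    }
}

Test-CertificateForHost -HostName 'remote.mydomain.com' | Format-Table -AutoSize
```

A certificate is usable for IIS, SMTP, IMAP or POP on this server only when both CoversHost and HasPrivateKey are True for the name clients connect to.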