leaf certificate
|
Prev: Windows Vista SP2 clients of SBS 2008 hanging on startup problem since update
Next: MX Record SBS 2008
From: Ingmar Van Glabbeek on 19 Mar 2010 05:22 When working with a self signed certificate, how do I make a new leaf for webmail.foo.bar?
From: Ingmar Van Glabbeek on 19 Mar 2010 05:29 To clarify, this is on a SBS2008 server Op 19/03/2010 10:22, Ingmar Van Glabbeek schreef: > When working with a self signed certificate, how do I make a new leaf > for webmail.foo.bar?
From: Cliff Galiher - MVP on 20 Mar 2010 13:51 You don't. Self-signed, by definition, isn't capable of being in a chain. You *can*, however, issue certificates from an internal CA. These aren't "self-signed" but are "self-issued." They are signed by your internal CA server so they won't be trusted by non-domain machines...so they'd behave very similar to self-signed certificates. In SBS 2003, you'd have to install the CA role and configure it. Technet has several articles on this process. In SBS 2008, the CA role is installed by default, so you'd use the certificate MMC snap-ins to request and issue certificates. -Cliff "Ingmar Van Glabbeek" <ingmar.vg(a)gmail.com> wrote in message news:OTua3W0xKHA.3408(a)TK2MSFTNGP06.phx.gbl... > When working with a self signed certificate, how do I make a new leaf for > webmail.foo.bar?
From: Ingmar Van Glabbeek on 22 Mar 2010 08:02 With the MMC module in sbs2008 I manage to enroll a new cert for my server but I can't see where I could issue another one for a different URL. Op 20/03/2010 18:51, Cliff Galiher - MVP schreef: > You don't. Self-signed, by definition, isn't capable of being in a chain. > > You *can*, however, issue certificates from an internal CA. These aren't > "self-signed" but are "self-issued." They are signed by your internal CA > server so they won't be trusted by non-domain machines...so they'd > behave very similar to self-signed certificates. > > In SBS 2003, you'd have to install the CA role and configure it. Technet > has several articles on this process. > In SBS 2008, the CA role is installed by default, so you'd use the > certificate MMC snap-ins to request and issue certificates. > > -Cliff > > > > "Ingmar Van Glabbeek" <ingmar.vg(a)gmail.com> wrote in message > news:OTua3W0xKHA.3408(a)TK2MSFTNGP06.phx.gbl... >> When working with a self signed certificate, how do I make a new leaf >> for webmail.foo.bar? >
From: Cliff Galiher - MVP on 22 Mar 2010 15:25
If this is for a web server (such as IIS) which it sounds like based on your comments, you'll need to use the IIS snap-in to generate a CSR. You can then either issue the certificate manually with the CSR generated, or you can issue the certificate automatically as part of the CSR wizard. Once you get into the IIS certificate wizard, it'll become a lot more clear and self-explanatory. -Cliff "Ingmar Van Glabbeek" <ingmar.vg(a)gmail.com> wrote in message news:#30bHebyKHA.1796(a)TK2MSFTNGP02.phx.gbl... > With the MMC module in sbs2008 I manage to enroll a new cert for my server > but I can't see where I could issue another one for a different URL. > > > > Op 20/03/2010 18:51, Cliff Galiher - MVP schreef: >> You don't. Self-signed, by definition, isn't capable of being in a >> chain. >> >> You *can*, however, issue certificates from an internal CA. These aren't >> "self-signed" but are "self-issued." They are signed by your internal CA >> server so they won't be trusted by non-domain machines...so they'd >> behave very similar to self-signed certificates. >> >> In SBS 2003, you'd have to install the CA role and configure it. Technet >> has several articles on this process. >> In SBS 2008, the CA role is installed by default, so you'd use the >> certificate MMC snap-ins to request and issue certificates. >> >> -Cliff >> >> >> >> "Ingmar Van Glabbeek" <ingmar.vg(a)gmail.com> wrote in message >> news:OTua3W0xKHA.3408(a)TK2MSFTNGP06.phx.gbl... >>> When working with a self signed certificate, how do I make a new leaf >>> for webmail.foo.bar? >> > |