David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC

This is another question I was recently asked.  One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN.  The certificate looked something like this:

[Screenshot: the certificate shown in the browser]

This was a little strange as, when the system was accessed from the intranet, all things appeared fine.  The culprit for them was the SBS 2003 self-signed certificate on the same machine.  By removing the certificate and then installing the correct new one, things got better.

To remove the old certificate, start MMC.exe and accept the UAC prompt.  Now press Ctrl+M to add a new snap-in, select Certificates and, when asked, add it for the user account.

Then do the same again, but select Certificates and Computer Account and hit OK to accept the current computer.  Now expand out Personal Certificates and remove any SBS 2003 self-signed certificates.
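Before deleting anything in the snap-in, it helps to list what is actually in the computer account's Personal store. The script below is an added example, not part of the original post. It is read-only, needs PowerShell 2.0 or later, and uses `remote.example.com` as a placeholder for the public name your clients connect to.

```powershell
# Added example: read-only inventory of the computer account's Personal store
# (LocalMachine\My). It flags self-signed certificates whose names do not
# include the expected host name, such as a leftover SBS 2003 certificate.
# $ExpectedName is a placeholder; pass the name clients use to reach the server.
param([string]$ExpectedName = 'remote.example.com')

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    $report = foreach ($cert in $store.Certificates) {
        # Collect the subject common name plus any subjectAltName entries.
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            # Format() renders entries as "DNS Name=host"; the label is locale
            # dependent, so keep only the text after the first '='.
            $names += @($san.Format($false) -split ',\s*' |
                ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
        }

        # Subject equal to issuer means the certificate was issued to itself.
        $selfSigned = $cert.Subject -eq $cert.Issuer
        # Exact, case-insensitive comparison; wildcard names are not expanded.
        $nameMatch  = $names -contains $ExpectedName

        New-Object PSObject -Property @{
            Review     = ($selfSigned -and -not $nameMatch)
            SelfSigned = $selfSigned
            NameMatch  = $nameMatch
            NotAfter   = $cert.NotAfter
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
        }
    }
} finally {
    $store.Close()
}

# Certificates marked Review = True are the candidates to inspect in the snap-in.
$report | Sort-Object Review -Descending |
    Format-Table Review, SelfSigned, NameMatch, NotAfter, Subject, Thumbprint -AutoSize
```

Run it from an elevated prompt on the server and compare the thumbprints of the flagged entries with the certificate the browser shows from outside the network.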

 

To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx?ID=3 which should give you instructions and the URL.

[Screenshot: companyweb announcement for the certificate install]

 

I hope that makes sense.

 

ttfn

David


Posted Wed, Dec 3 2008 2:03 AM by David Overton

Comments

mark wrote re: Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC
on Tue, Jan 6 2009 4:28 PM

Thanks for the info, but you say you had to "install the correct new certificate".  I don't want to buy a cert, so how do I have the server create a new certificate?  I guess I need a cert with the IP address in the name since I'll be using the IP to get to RWW?  Or am I off track?

David Overton wrote re: Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC
on Tue, Jan 6 2009 10:19 PM

Mark,

the self-issued certificate that SBS uses can be found at \\<yourserver>\public\public downloads - you should see a zip and directory with the self-signed certificate.  If you use an IP address then it may not work both inside and outside your network - better to use a name.  So uninstall the old cert, install the newly created self-signed certificate and away you go.

So, my advice, buy a domain, register it and use a dynamic dns service if required (if you don't have a fixed IP address) otherwise e-mail can't come in and the certs will fail.

Thanks

David

Mark wrote re: Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC
on Mon, Jan 12 2009 11:24 PM

I've set up a name for my IP, but I still can't find anywhere how to create a new cert in 2008 SBS.  If I run the "add a trusted cert" wiz, it asks if I want to buy one, or use an existing one.  I don't want to buy one, but want to have my server re-create one with the correct name. (remote.pubdomain.com instead of remote.localdomain.local)  

I see that if I run the "setup your Internet Address" wiz, I can re-enter my domain name, and this might be where I'd put in the public FQDN, but I'm afraid this might screw with who-knows-what other configurations.  I was very comfortable re-running CEICW in 2003 and changing the name to an IP, and this is all it fixed.  I ran the "fix your network" here in 2008, - it just ran.. ran.. and finished, and it screwed with my recipient policies!  So 2008 wizards are still a little scary to me.

Thanks for the previous response, and any other advice.

David Overton wrote re: Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC
on Mon, Jan 12 2009 11:42 PM

Mark,

re-run the wizard - I ran it about 15 times this weekend.  It will re-create your cert for you.  Also, when you get to the "domain name" section, there is an advanced button that describes your "remote" name.

Thanks

David

Mark wrote re: Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC
on Tue, Jan 13 2009 10:12 PM

Thanks,

I re-ran the "setup your internet address" wiz, entered the public FQDN I assigned to the IP, and then it finished.  I checked my recipient policies, and it modified the policy, but modified it correctly, and got rid of the 'localdomain.local' address, which I didn't need anyway.  I then re-ran the 'fix my network' wizard expecting it to re-create the certificate install package in the public\downloads folder, but it didn't.  I tried installing the package anyway, and it worked.  I'm not sure why I'm not finding a cert, or installation package with a new date, but it's working.  

Thanks for the help.


(c)David Overton 2006-18