TechNet Blogs > The Windows Server Essentials and Small Business Server Blog > How to Install Your Existing Certificate into SBS Essentials
Server & Tools Blogs > Server & Management Blogs > The Windows Server Essentials and Small Business Server Blog
Live Now on Server & Tools Blogs
Menu
SBS-Related Links
EPS Team Blogs
Disclaimer
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Recent Posts
Tags
More
Archives
Archives
More

How to Install Your Existing Certificate into SBS Essentials

How to Install Your Existing Certificate into SBS Essentials

Rate This
4 Aug 2011 10:25 AM
  • Comments 0

[Today's post comes to us courtesy of Justin Crosby and Wayne Gordon McIntyre from Commercial Technical Support]

Small Business Server 2011 Essentials provides a wizard that will enable you to purchase and install a trusted certificate through our partners GoDaddy and eNom. This blog post will cover the scenario where you already own a trusted certificate and want to re-use it instead of buying a new one. If your domain is not registered with GoDaddy or eNom you can use the wizard to import the certificate by choosing the manual workflow option which is described here http://sbs.seandaniel.com/2011/06/how-to-manually-configure-sbs-2011.html.

Configure your Domain Name

  1. From the registry editor browse to HKLM\SOFTWARE\Microsoft\Windows
    Server\Domain Manager\Providers\E423C85D-6B1F-4583-95E0-449D8263BAC4    . Set
    the UseV2CertificateSupport value
    to 0.
  2. Restart the Windows Server Domain Name Management service.
  3. Close and reopen the SBS Essential
    Dashboard.
  4. Run the Set up Domain Name wizard to configure
    your domain name, be sure to match the name on the certificate you plan to use.
  5. From the registry editor browse to HKLM\SOFTWARE\Microsoft\Windows
    Server\Domain Manager\Providers\E423C85D-6B1F-4583-95E0-449D8263BAC4    . Set
    the UseV2CertificateSupport value
    to 1.
  6. Restart the Windows Server Domain Name Management service and close and reopen
    the SBS Essential Dashboard.

Import Your Certificate Using a Script

The easiest method to import the script is to use the following PowerShell script. Download the ImportTrustedCertSBSE.ps1 script to tools/temp folder and run it as an administrator from WssPowerShell.exe. This script requires that you have your certificate in .pfx form. You will be prompted for the certificate path and password.

Import Your Certificate Manually

Alternatively you can manually import the certificate using the following steps.

** Note: that if you are manually creating a request thru IIS, follow the below TechNet article on making and completing the request in IIS. Once the certificate is installed continue with the other steps to ensure the bindings are correct. Then follow steps 2 and 3.

For more information see: http://technet.microsoft.com/en-us/library/cc731977(WS.10).aspx

Step 1. Import Trusted certificate to local machine store.

  1. Open MMC as administrator.
  2. Select File > Add/Remove Snap-in…
  3. Select Certificates and click Add>
  4. Select Computer account and click Next.
  5. Select Local Computer and click Finish.
  6. Click Ok.
  7. Expand Certificates > Personal > Certificates.
  8. Right-click Certificates, select All Tasks > Import…
  9. Click Next.
  10. Select your .PFX file
  11. Enter the password for the PFX file.
  12. Make sure "Mark this key as exportable. This will allow you to backup or transport your keys at a later time" and "Include all extended properties" checkboxes are both checked. Then click Next
  13. Leave the default option selected of "Place all certificates in the following store" and ensure the Certificate store is set as Personal. Then click Next.
  14. Click Finish.

Step 2. IIS Configuration

  1. Open IIS Manager from Administrative tools.
  2. Expand your server name.
  3. Expand Sites.
  4. Select the Default Web Site and click the Bindings… action.
  5. Select HTTPS *:443: and click Edit…
    image
  6. Choose your trusted certificate and click View to ensure that you have the corresponding private key for that cert. .
    image
  7. Click Ok twice and then Close.

Step 3. RD Gateway Configuration

  1. Enable Remote Desktop Gateway Service Management.
  2. Open the Remote Desktop Gateway Manager from Administrative Tools > Remote Desktop Services.
  3. Right-click your server name and choose properties.
  4. Select the SSL Certificate tab.
  5. Click the Import Certificate… button.
  6. Choose your trusted certificate and click Import.
  7. Click Ok.

For more information please see: http://social.technet.microsoft.com/wiki/contents/articles/manually-install-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx

Post Updated: 11/18/2011

,