[Today’s post comes to us courtesy of Mohammed Sabir Chandwale, Moloy Tandon, and Shawn Sullivan from Commercial Technical Support]
SBS 2011 Standard, just like SBS 2008, allows you to create a self-issued SSL certificate via the Internet Address Management Wizard so that you can communicate securely with the server without having to purchase a certificate. The client requirements for trusting this certificate have not changed since the last version; they must still obtain the certificate distribution package to install the signing CA cert in order to make a connection using Outlook Anywhere or Remote Desktop Gateway (see previous blog post). However, the distribution of the certificate package in SBS 2011 Standard has been made much easier as opposed to SBS 2008.
Instead of relying on the administrator to send the certificate package to the external users, the users can now simply connect to Remote Web Access (formerly known as Remote Web Workplace) and download it for themselves using the new Shared Folders feature. To accomplish this, do the following:
- Log onto RWA.
Note: The user must be a member of the Windows Remote Web Access Users group. They will be if you have created the user from the SBS Console.
- On the home page, click on Shared Folders > Public.
- Expand Public, click Downloads, and check Install Certificate Package.zip. Click Download.
- Choose any of the download formats and save the files on the client on the local disk.
- Extract the package and launch InstallCertificate.exe . This will install the signing CA certificate on a computer running XP SP2 or later or a mobile device running Windows Mobile 6 through 6.5. To install the certificate on a Windows Phone 7 device, follow the steps in this post.