How to Install Your Existing Certificate into SBS Essentials
[Today's post comes to us courtesy of Justin Crosby and Wayne Gordon McIntyre from Commercial Technical Support]
Small Business Server 2011 Essentials provides a wizard that will enable you to purchase and install a trusted certificate through our partners GoDaddy and eNom. This blog post will cover the scenario where you already own a trusted certificate and want to re-use it instead of buying a new one. If your domain is not registered with GoDaddy or eNom you can use the wizard to import the certificate by choosing the manual workflow option which is described here https://sbs.seandaniel.com/2011/06/how-to-manually-configure-sbs-2011.html.
Configure your Domain Name
- From the registry editor browse to HKLM\SOFTWARE\Microsoft\Windows
Server\Domain Manager\Providers\E423C85D-6B1F-4583-95E0-449D8263BAC4. Set
the UseV2CertificateSupport value
to 0. - Restart the Windows Server Domain Name Management service.
- Close and reopen the SBS Essential
Dashboard. - Run the Set up Domain Name wizard to configure
your domain name, be sure to match the name on the certificate you plan to use. - From the registry editor browse to HKLM\SOFTWARE\Microsoft\Windows
Server\Domain Manager\Providers\E423C85D-6B1F-4583-95E0-449D8263BAC4. Set
the UseV2CertificateSupport value
to 1. - Restart the Windows Server Domain Name Management service and close and reopen
the SBS Essential Dashboard.
Import Your Certificate Using a Script
The easiest method to import the script is to use the following PowerShell script. Download the ImportTrustedCertSBSE.ps1 script to tools/temp folder and run it as an administrator from WssPowerShell.exe. This script requires that you have your certificate in .pfx form. You will be prompted for the certificate path and password.
Import Your Certificate Manually
Alternatively you can manually import the certificate using the following steps.
** Note: that if you are manually creating a request thru IIS, follow the below TechNet article on making and completing the request in IIS. Once the certificate is installed continue with the other steps to ensure the bindings are correct. Then follow steps 2 and 3.
For more information see: https://technet.microsoft.com/en-us/library/cc731977(WS.10).aspx
Step 1. Import Trusted certificate to local machine store.
- Open MMC as administrator.
- Select File > Add/Remove Snap-in…
- Select Certificates and click Add>
- Select Computer account and click Next.
- Select Local Computer and click Finish.
- Click Ok.
- Expand Certificates > Personal > Certificates.
- Right-click Certificates, select All Tasks > Import…
- Click Next.
- Select your .PFX file
- Enter the password for the PFX file.
- Make sure "Mark this key as exportable. This will allow you to backup or transport your keys at a later time" and "Include all extended properties" checkboxes are both checked. Then click Next
- Leave the default option selected of "Place all certificates in the following store" and ensure the Certificate store is set as Personal. Then click Next.
- Click Finish.
Step 2. IIS Configuration
- Open IIS Manager from Administrative tools.
- Expand your server name.
- Expand Sites.
- Select the Default Web Site and click the Bindings… action.
- Select HTTPS *:443: and click Edit…
- Choose your trusted certificate and click View to ensure that you have the corresponding private key for that cert. .
- Click Ok twice and then Close.
Step 3. RD Gateway Configuration
- Enable Remote Desktop Gateway Service Management.
- Open the Remote Desktop Gateway Manager from Administrative Tools > Remote Desktop Services.
- Right-click your server name and choose properties.
- Select the SSL Certificate tab.
- Click the Import Certificate… button.
- Choose your trusted certificate and click Import.
- Click Ok.
For more information please see: https://social.technet.microsoft.com/wiki/contents/articles/manually-install-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx
Post Updated: 11/18/2011