• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

SSL certs...which way to go

YeOldeStonecat said:
This is the part I'm brain farting on....
So when I'm on the server in IIS doing the generate request weeeeezard, instead of just plugging in the FQDN for the server...such as sbs.myclient.com, I type in several aliases? In the fashion of doing multiple e-mails...separated by a semi colon? Or separated by a comma, and space?
Click to expand...

I'm 80% sure you do it this way (No 2003 to test it on so I really don't remember for sure).

Just generate the request on the server for whatever your general or primary domain will be (sbs.client.com). Then with Godaddy, make sure you put in ALL 5 ALIASES, and use the request from your server there. Then when the certificate is generated, install it on your server.

Then, when you hit OWA or anything else that uses SSL, you should be able to look at the certificate and see that there's 5 aliases in there.
 
Techie

Thanks. Will give that a go

Ye...

When you set up the UCC cert, there is a spot on the form to add Alternate names. It's not in the SBS wizard
 
Once it's in your Certificates folder on GoDaddys site, if you go to manage it, the spot where you see "There are no Subject Alternative Names to display." and there's a spot "All newly added SubjectAlt Names must be vetted.
New Subject Alt Name:"
You add either "office" or "office.myclient.org" there? I tried adding office.myclient.org there...went to save, got some error and to call starfield support.
 
If you want to play with valid certs just to work out your processes, startssl.com is a good place to start. They will issue public 1 year class 1 certs for free. Once you have your processes worked out, you can go through whatever vendor you want for a class 2 or better cert including startssl.com if you want to do so.

If you ever want to see whose public cert servers are supported by default in a Windows system. Just use the mmc.exe and go look.
 
archivalbackup said:
Do not use go-daddy ... most every device will complain about the certificate. Go-daddy is not included in the root-certificate file that is included on most devices; my company uses a go-daddy wildcard and everything complains about it, especially iPhones, iTouches, and firefox.

If you need SSL especially if you plan to use it as part of a business, pony up and get a proper certificate that is included in the default root trusted authorities.
Click to expand...

he needs to install the intermediate certificate from godaddy and his problems will disappear.
 
You must log in or register to reply here.
Back
Top