locked
WHS Invalid Certificate! RRS feed

All replies

  • The certificate is for your domain name not an IP address, so it will be invalid. Not sure how you access via IP if it's dynamic as you will always need to know what it is at any given time. Why don't you want to register a name with homeserver.com (or any other provider - Dyndns?) as it will solve all your problems, particularly when you do not have a fixed IP.
    Wednesday, May 11, 2011 10:47 PM
  • The problem with homeserver.net or .com is, I can randomly type in http://philipWHS.homeserver.com and if i'm lucky, I hit your WHS =) ... and I can attack it. Even though it's password protected.

    I don't have Dyndns. I just know my IP, because I have a windows service running on my WHS. It alerts me through email when a new IP kicks in. =)
    Even though I have dynamic IP, it stays the same for many months.

    Wednesday, May 11, 2011 10:59 PM
  • As Philip said, a certificate is for a name, not an IP. This is just the way it works.

    If you don't wish to use a subdomain of homeserver.com etc, you can setup your own domain name and purchase your own certificate. You will then have to update your own DNS records (unless you buy the domain from GoDaddy as WHS will talk to them directly to update DNS and install a certificate).

    If you are concerned about the machine being attacked or compromised, you shouldn't expose it to the internet at all.
    Having a DNS name of any kind doesn't change how vulnerable you are to any attack. In fact, it's far easier and more effective to scan IP blocks for machines to 'look' at than to try and figure out a working DNS name.

     

    -timotl 

    Wednesday, May 11, 2011 11:19 PM
  • "machine being attacked or compromised, you shouldn't expose it to the internet at all". I agree. When hosting from home is the risk even with IP or subdomain name. Whenever I open the port 80, I can see tons of IPs hitting my router. But they are all blocked out.

     

    Now this is interesting, "You will then have to update your own DNS records (unless you buy the domain from GoDaddy as WHS will talk to them directly to update DNS and install a certificate).". I have lots of domain names with GoDaddy and also host websites with them. Is there instruction on how to link or configure WHS to talk with GoDaddy? Is it the Server Settings -> Remote Web Access section?

    Thanks.

    Wednesday, May 11, 2011 11:29 PM
  • Okay, i tried to walk through the steps in the Server Settings to setup the domain. However, it ask me to buy a certificate from GoDaddy, which is $50/year. But you say that WHS will install the certificate? Does that mean I can cancel the certificate purchase?

    Another question is, if I setup with domainA, and later want to change to domainB. What will happen to the certificate? Is WHS will re-install a new cert for domainB?

     

    Thanks

    Wednesday, May 11, 2011 11:45 PM
  • The problem with homeserver.net or .com is, I can randomly type in http://philipWHS.homeserver.com and if i'm lucky, I hit your WHS =) ... and I can attack it. Even though it's password protected.

    Ha ha - well that's not it but I take your point. I don't think just using an IP affords any additional security to an outomated scanner.
    Thursday, May 12, 2011 2:58 PM
  • Homeserver.com domains/certificates come for free (well my two did anyway). As I understand it, if you choose a new homeserver.com domain, after releasing the old one, a new certificate is installed.

    Phil

    Thursday, May 12, 2011 3:00 PM
  • Philip, that's good to  hear that homeserver.com releases the old cert and installs new one. But what about if i use my own dowmain from GoDaddy? 

    I want to know if this is true or not from Tim

     

    "your own DNS records (unless you buy the domain from GoDaddy as WHS will talk to them directly to update DNS and install a certificate)." but walking through the steps in Server Settings from the DASHBOARD, it redirects me to GoDaddy to purchase a cert for $50. Why does it redirect to an expensive cert? There are certs that are cheaper. =) Who needs 256 encryption?

     

    Can someone confirm if I use GoDaddy domain, the WHS will import or install the cert to GoDaddy without me purchasing the cert from GoDaddy for $50? 

     

    Thanks.

    Thursday, May 12, 2011 5:18 PM
  • I don't know, but why do you believe that GoDaddy would give you a free certificate unless that's part of the price you paid for the GoDaddy domain? Of course, that's what you get from Microsoft as part of the WHS license.
    Thursday, May 12, 2011 6:14 PM
  • "why do you believe that GoDaddy would give you a free certificate", I didn't say that they give me a freebee cert =)
    To my understanding, if i'm wrong correct me. Tim says that WHS will forward or tell GoDaddy to use the WHS cert and install it.

     

    I think that's what it means =)
    But $49.99 for a cert? hmm Is it worth it? Other places sell a cert for $10. GoDaddy only gives me one option, which is $49.99 cert with 256 encryption. I don't need that much ... 128 would be enough.  

    Thursday, May 12, 2011 6:47 PM
  • And why isn't there any WHS support people from MS to help with issue in here? =)
    Thursday, May 12, 2011 6:47 PM
  • Windows Home Server 2011 is a OEM product.
    As you are using an OEM product *you* are your own support.

    If safety is your concern, just use the free homserver.com domain. It gets you a 1024 bit certificate which should give you the security you need. If you want to use your own domain, did you try the wizard to configure an existing domain?
    - Theo.

    Btw: As you are using a MSDN or TechNet version I think you could try to get some support through these channels.

     

     


    No home server like Home Server
    Saturday, May 14, 2011 2:40 PM
    Moderator
  • Theo (or anyone else)  - I ave a variant of this question, thought you could help ..

    I thought this was discussed before but I cannot find the thread – if you have it, or know the answer, please let me know ..

    When I use the wizard to setup a domain (which I already have), it takes me to my registrar (which is go-daddy), to purchase an SSL Cert. When I do this, it brings me back to the wizard, asks me to log into the registrar (with my domain name, registrar user name and password), then takes me to a screen that validates my common name (remote.flyhome.biz) and then I get an error that it could not continue, “try back later”.

    So, my question 1) if I hand roll a certificate request, what name should I use? My domain is flyhome.biz. Should I build a cert for this or for remote.flyhome.biz (which is what the WHS Vail Domain Wizard was trying to do) or something else? and 2) will homeserver be satisfied with me going into IIS to install the certificate, or will the dashboard still show a domain issue?

    Saturday, May 21, 2011 6:06 PM
  • Definitely create the cert for the subdomain so remote.flyhome.biz 

    I did the same with GoDaddy's $12 cert.
    Once you manually install the cert in IIS, go through the setup wizard again. This will let the WHS services know the cert is OK and it should leave it alone. It will also install the cert for the TS Gateway to use. If you use their DNS it will also create/update that record whenever necessary.

     

    -timotl

    Saturday, May 21, 2011 10:24 PM