locked
Help with setting up ssl cert RRS feed

  • Question

  • I am confused as to how to setup an ssl cert for my server.  I have a registered domain name with godaddy which also handles the dns for the domain.  I create an A record for myserver.mydomain.com from the godaddy site.  I manually setup the domain in vail and I can access the server remotely.  I would like to get rid of the ssl warning when connecting remotely and I also want to be able to use the rdp features of vail but I am currently unable to.  I get the following error: "this computer can't verify the identity of the rds gateway...". when trying to use rdp.

    How do I go about requesting an ssl cert and installing it on my vail server?

    Sunday, May 9, 2010 3:55 AM

Answers

  • Per Feng Zhou over here , there is no way for an end user to change the SSL certificate the TS gateway uses. You will have to use the homeserver.com vanity URL.
    I'm not on the WHS team, I just post a lot. :)
    Sunday, May 9, 2010 4:05 AM
    Moderator
  • Hi Folks,
     
    While not in this Beta, you will be able to use vanity domain names with 3rd party trusted SSL certificates.  We are still working with our partners to bring this functionality to you.  This means you could have your home server at something like “www.seandaniel.com” or “remote.seandaniel.com” for example.  This will of course cost you a bit of extra money/year, but again, it’s your choice.  if you don’t wish to pay, the .homeserver.com domain name is for you.  If you do wish to pay, you can have your server at a vanity domain name such as seandaniel.com.
     
    You can view the UI in the build that you have, but the back-end infrastructure is turned off (and not fully implemented yet).  You’ll be able to go with eNom or GoDaddy and either use a domain that you already own with one of these partners, or transfer a domain to one of these partners to use it, or buy a new domain with one of these partners.  As part of the process you’ll be asked to buy a certificate as well.  The server (similar to the ..homeserver.com domain) will automatically obtain and install that certificate for you once you’ve paid for it. 
     
    So, in later builds of Vail, you’ll be able to do the following:
    (1) obtain a free domain name, and free SSL certificate on ..homeserver.com – this works today
    (2) buy a new “vanity” (e.g. seandaniel.com) domain name from one of our partners, including a certificate for that domain
    (3) use an existing “vanity” domain name that you have with one of the partners in the product, and buy a certificate for that domain
    (4) transfer an existing “vanity” domain name to one of our partners for use within the product, and then buy a certificate for that domain.
     
    As you will see in the release notes for this beta, the Vail product today doesn’t recommend using vanity domain names because the solution is not yet complete.
     
    We are providing this functionality because we got feedback in previous releases that folks wanted to use a vanity domain name, and not be forced to use the .homeserver.com domain name.  Is that still the case?
     
    Thanks for the feedback,
       Sean
     
     
    This post is "AS IS" and confers no rights.
     
    "Mads Brodersen" wrote in message news:55fce0ad-22b4-4053-af7c-a371f8172acf...

    I too have a GoDaddy-ssl certificate, that I used on my previous WHS v1.

    Now after I installed Vail, I am trying to complete the certificate request - everything seems fine, the wizard exits without errors and I can see the certificate in the IIS Server Certificates pane, but when I refresh the view the certificate dissapears.

    I followed GoDaddy's howto and the link to the tutorial Ken Warren provided as an example. Does anyone know what I am missing.

    Monday, May 10, 2010 4:15 PM
    Moderator

All replies

  • Per Feng Zhou over here , there is no way for an end user to change the SSL certificate the TS gateway uses. You will have to use the homeserver.com vanity URL.
    I'm not on the WHS team, I just post a lot. :)
    Sunday, May 9, 2010 4:05 AM
    Moderator
  • If I just want to get my own ssl setup (not for rdp) for my own manually setup domain, how do I go about creating an ssl request?

    Sunday, May 9, 2010 4:31 AM
  • Stick with a homeserver.com address, and you won't have to worry about it. You won't see the SSL warning, and the TS gateway will work properly.

    Failing that, any search engine (example ) will let you find multiple tutorials (example ) on how to obtain and install a certificate. But the TS gateway will not use the certificate you install, therefore you won't be able to use it.


    I'm not on the WHS team, I just post a lot. :)
    Sunday, May 9, 2010 1:34 PM
    Moderator
  • I too have a GoDaddy-ssl certificate, that I used on my previous WHS v1.

    Now after I installed Vail, I am trying to complete the certificate request - everything seems fine, the wizard exits without errors and I can see the certificate in the IIS Server Certificates pane, but when I refresh the view the certificate dissapears.

    I followed GoDaddy's howto and the link to the tutorial Ken Warren provided as an example. Does anyone know what I am missing.

    Monday, May 10, 2010 12:15 PM
  • Hi Folks,
     
    While not in this Beta, you will be able to use vanity domain names with 3rd party trusted SSL certificates.  We are still working with our partners to bring this functionality to you.  This means you could have your home server at something like “www.seandaniel.com” or “remote.seandaniel.com” for example.  This will of course cost you a bit of extra money/year, but again, it’s your choice.  if you don’t wish to pay, the .homeserver.com domain name is for you.  If you do wish to pay, you can have your server at a vanity domain name such as seandaniel.com.
     
    You can view the UI in the build that you have, but the back-end infrastructure is turned off (and not fully implemented yet).  You’ll be able to go with eNom or GoDaddy and either use a domain that you already own with one of these partners, or transfer a domain to one of these partners to use it, or buy a new domain with one of these partners.  As part of the process you’ll be asked to buy a certificate as well.  The server (similar to the ..homeserver.com domain) will automatically obtain and install that certificate for you once you’ve paid for it. 
     
    So, in later builds of Vail, you’ll be able to do the following:
    (1) obtain a free domain name, and free SSL certificate on ..homeserver.com – this works today
    (2) buy a new “vanity” (e.g. seandaniel.com) domain name from one of our partners, including a certificate for that domain
    (3) use an existing “vanity” domain name that you have with one of the partners in the product, and buy a certificate for that domain
    (4) transfer an existing “vanity” domain name to one of our partners for use within the product, and then buy a certificate for that domain.
     
    As you will see in the release notes for this beta, the Vail product today doesn’t recommend using vanity domain names because the solution is not yet complete.
     
    We are providing this functionality because we got feedback in previous releases that folks wanted to use a vanity domain name, and not be forced to use the .homeserver.com domain name.  Is that still the case?
     
    Thanks for the feedback,
       Sean
     
     
    This post is "AS IS" and confers no rights.
     
    "Mads Brodersen" wrote in message news:55fce0ad-22b4-4053-af7c-a371f8172acf...

    I too have a GoDaddy-ssl certificate, that I used on my previous WHS v1.

    Now after I installed Vail, I am trying to complete the certificate request - everything seems fine, the wizard exits without errors and I can see the certificate in the IIS Server Certificates pane, but when I refresh the view the certificate dissapears.

    I followed GoDaddy's howto and the link to the tutorial Ken Warren provided as an example. Does anyone know what I am missing.

    Monday, May 10, 2010 4:15 PM
    Moderator
  • Sean,
     
    As you have stated it "gives" us the option to get our own if we wish to. I just use the homeserver.com domain and that is all I really need. Sometime in the future I might want to go to a "vanity" domain and that will be available if I choose to do that.
     
    I think that you statement covers both sides well and I am happy with the way it is going.
     
    Just my 2 cents on that.

    --
    Don
    "Sean Daniel - MSFT" wrote in message news:99c2058a-a844-46b2-ac4b-18495f638211...
    Hi Folks,
     
    While not in this Beta, you will be able to use vanity domain names with 3rd party trusted SSL certificates.  We are still working with our partners to bring this functionality to you.  This means you could have your home server at something like “www.seandaniel.com” or “remote.seandaniel.com” for example.  This will of course cost you a bit of extra money/year, but again, it’s your choice.  if you don’t wish to pay, the .homeserver.com domain name is for you.  If you do wish to pay, you can have your server at a vanity domain name such as seandaniel.com.
     
    You can view the UI in the build that you have, but the back-end infrastructure is turned off (and not fully implemented yet).  You’ll be able to go with eNom or GoDaddy and either use a domain that you already own with one of these partners, or transfer a domain to one of these partners to use it, or buy a new domain with one of these partners.  As part of the process you’ll be asked to buy a certificate as well.  The server (similar to the ..homeserver.com domain) will automatically obtain and install that certificate for you once you’ve paid for it. 
     
    So, in later builds of Vail, you’ll be able to do the following:
    (1) obtain a free domain name, and free SSL certificate on ..homeserver.com – this works today
    (2) buy a new “vanity” (e.g. seandaniel.com) domain name from one of our partners, including a certificate for that domain
    (3) use an existing “vanity” domain name that you have with one of the partners in the product, and buy a certificate for that domain
    (4) transfer an existing “vanity” domain name to one of our partners for use within the product, and then buy a certificate for that domain.
     
    As you will see in the release notes for this beta, the Vail product today doesn’t recommend using vanity domain names because the solution is not yet complete.
     
    We are providing this functionality because we got feedback in previous releases that folks wanted to use a vanity domain name, and not be forced to use the .homeserver.com domain name.  Is that still the case?
     
    Thanks for the feedback,
       Sean
     
     
    This post is "AS IS" and confers no rights.
     
    Monday, May 10, 2010 4:53 PM
  • I have a vanity name (I will use www.myname.com as an example) and I was initially having the same SSL cert issue and this was also preventing me from using RDP.  I have found the following work around

    step 1.  Create a domain certificate for your vanity name i.e. www.myname.com in WHSV (standard functionality in IIS Manager).

    step 2. Issue the certificate from WHSV's Certification Authority snap-in and then complete the certificate request in IIS manager

    Step 3. Bind the certificate to HPPTS (port 443) WHSV IIS Manager

    Step 4 Export the root certificate and add this to the trusted publishers store in Internet Explorer

    This gets rid of the certificate warnings, and more importantly, allowed me to Remote Access (RDP)

     

    Hope this helps - If anyone wants step by step details, I will screen shot the step by step process

    Sunday, May 16, 2010 4:26 PM
  • This should be completely automated in the next release.
     
    This post is "AS IS" and confers no rights.
    "Tony Denman" wrote in message news:818d3052-7c99-4372-8231-dcf93848ae8c...

    I have a vanity name (I will use www.myname.com as an example) and I was initially having the same SSL cert issue and this was also preventing me from using RDP.  I have found the following work around

    step 1.  Create a domain certificate for your vanity name i.e. www.myname.com in WHSV (standard functionality in IIS Manager).

    step 2. Issue the certificate from WHSV's Certification Authority snap-in and then complete the certificate request in IIS manager

    Step 3. Bind the certificate to HPPTS (port 443) WHSV IIS Manager

    Step 4 Export the root certificate and add this to the trusted publishers store in Internet Explorer

    This gets rid of the certificate warnings, and more importantly, allowed me to Remote Access (RDP)

     

    Hope this helps - If anyone wants step by step details, I will screen shot the step by step process

    Wednesday, May 19, 2010 9:21 PM
    Moderator
  • You can use selfssl.exe to generate a FREE Certificate that works with Vail and the buil-in website:

    selfssl.exe came as a part of “IIS 6.0 Resource Kit Tools” but can be downloaded individually at http://www.netometer.com/tools/SelfSSL.zip

    The command you want to use is

    selfssl.exe /N:CN=vail.changeip.com /V:1095 /S:1

    where CN is your URL, V is the number of days you want the certificate to be valid and S is the ID number of the website in IIS Manager (it is #1 for both WHS1 and Vail) 

     

    Saturday, May 22, 2010 5:40 PM
  • I was able to get a trusted comodo ssl cert (instantssl.com) to install and work, unsure about the RDP, but it did cure the https error issue. 

    However, it created a critical error in the dashboard for remote access.  Using the 'repair' option cleared the error but removed the trusted certificate.

    I am unsure how to proceed.

    Monday, July 12, 2010 5:00 AM
  • Per Sean, above, you will be able to work with certain partners to obtain a certificate for a vanity URL that you hold through them. Probably there will be no support for a self-managed solution, where you own the domain name, but not through a Microsoft partner. In that case, you can try Tom's suggestion just above your post. It won't be "supported" by Microsoft, however, and it's possible that there will be issues that you wouldn't have with a supported solution.
    I'm not on the WHS team, I just post a lot. :)
    Monday, July 12, 2010 12:17 PM
    Moderator
  • Sorry, I'm new to this so hopefully I am going about this in the right way.

    Is it now possible to install a new SSL certificate provided by a vanity domain supplier (eg eNomControl) in Vail preview issue contrary to what it states in the Release notes for Vail Beta.

    There is no mention of this in the Vail Preview notes, but I cannot get it to install and remain in the Certificate Window as was the problem in the initial release.

    Have tried numerous ways but to no avail.

    Tuesday, August 24, 2010 11:14 AM
  • Hi PC55!
     
    You should just run the setup domain wizard from the dashboard settings page.  then choose a vanity domain name from eNomCentral and it’ll go ahead and do all the certificate stuff for you programmatically.
     
    Sean
     
     
    "PC55" wrote in message news:237646cb-d9cb-4cad-aff3-e742c6dd5499...

    Sorry, I'm new to this so hopefully I am going about this in the right way.

    Is it now possible to install a new SSL certificate provided by a vanity domain supplier (eg eNomControl) in Vail preview issue contrary to what it states in the Release notes for Vail Beta.

    There is no mention of this in the Vail Preview notes, but I cannot get it to install and remain in the Certificate Window as was the problem in the initial release.

    Have tried numerous ways but to no avail.

    Wednesday, August 25, 2010 6:45 PM
    Moderator
  • Hi PC55!
     
    You should just run the setup domain wizard from the dashboard settings page.  then choose a vanity domain name from eNomCentral and it’ll go ahead and do all the certificate stuff for you programmatically.
     
    Sean
     
     
    "PC55" wrote in message news:237646cb-d9cb-4cad-aff3-e742c6dd5499...

    Sorry, I'm new to this so hopefully I am going about this in the right way.

    Is it now possible to install a new SSL certificate provided by a vanity domain supplier (eg eNomControl) in Vail preview issue contrary to what it states in the Release notes for Vail Beta.

    There is no mention of this in the Vail Preview notes, but I cannot get it to install and remain in the Certificate Window as was the problem in the initial release.

    Have tried numerous ways but to no avail.

    This only works if you buy new domain and SSL using the wizard. If you already have them it will not work.

     

    Don

    Friday, September 3, 2010 5:20 PM