locked
WHS 2011 SSL certificate install failure RRS feed

  • Question

  • After several days of failure using Go Daddy instructions for installing SSL certificates on IIS 7 in WHS 2011, today a strange thing happened on the way to the finish line. Over about five days I have re-keyed and obtained news certificates. When downloaded from Go Daddy they all say Issued by Go Daddy.com. After isntallation Remote will not work because the certificate is not issued by a certified provider. The listed issuer is changed from Go Daddy.com to Kielbasalink-CA, I suppose which makes it a self-issued certificate. The WHS wizard always says  "Wait until a new certificate is issued."

    It seems that the change may occur during in the Binding phase of installation. My last attempt was a freshly downloaded crertificate from Go Daddy. After uploading the certicate to IIS and in Information Services Manager window when it came to "Select the certificate that you just installed" step in Go Daddy's procedure, several certficates were listed, probably from my repeated installation trys, and when viewed none of them were issued by Go Daddy. All said "Kielbasalink-CA."

    Ether the recently submitted file was not presented for selection, or the name was changed during the process. Does anyone have advice about how this occurs and how to solve the problem? I used WHW 1 since 2007 without many problems and initial setup of 2011 went pretty well. From posts here I expected trouble with the SSL certificate.

    If this problem doesn't clear soon I will want to go back to a domain name assocated with my Windows Live account. I didn't see a step in Remote setup for changing domains. Can someone tell me how that is done.

    Thanks for your help.

    Charlie  


    Charlie
    Wednesday, July 13, 2011 7:32 PM

All replies

  • After posting yesterday I spent several hours trying both the detailed procedure from Go Daddy for CRS request, download and installation, and trying the Remote Access Wizard certificate install routine. In all cases there was either a domain mis-match, or the certicate indicated it was issued by the wrong certification authority. My decision was to shelve the idea of using my own domain and shift to one issued by Microsoft. Later I can try to change to my registered domain. One question in my post was resolved -- I discovered using Remote Access setup to change domains.

    The new Remote Access is to https://kielbaslink.homeserer.com. Remote Access from the Dashboard and from Launchpad both work. I did have to place the new certificate in the Trusted Certificates Store.

    New problem:

    Trying to use Remote Web Access from IE fails. When the browser "failure to connect" message appears, running diagnotics brings a result that says, in part: ".... the Remote Desktop Gateway server address requested and the certificate subject name do not match."

    Certificate Information:

    In the certiciate details it says:

    Issued to: kielbasalink.homeserver.com
    Issued by: Go Daddy Secure Certficate Authority

    Help! In the interest of moving beyond installation and setup to using WHS 2011, can someone please tell me how to resolve this certificate disparity. It seems that this should be a self-issued certicate, iniated by Microsft, that shows my domain, Kielbasalink, as the issuer.  Solving this problem will even make my wife happy! I am neglecting my chores.

    A secondary question is about all of the bogus certicates that I have attempted to install. If they do not overwrite their predecessor, should the unused and useless certficates somehow be delected from the server? If the answer is "yes", can anyone tell me what needs to done.

    Thank you in advance for any help that you can offer.


    Charlie
    Thursday, July 14, 2011 6:49 PM