locked
Installing third party SSL Certificates in Vail Preview Refresh RRS feed

  • Question

  • Is it now possible to install a new SSL certificate provided by a vanity domain supplier (eg eNomControl) in Vail Preview Refresh contrary to what it states in the Release notes for Vail Preview Beta.

    There is no mention of this in the Vail Preview notes and I cannot get it to install and remain in the Certificate Window as was the problem in the initial release.

    Have tried numerous ways but to no avail

    Wednesday, August 25, 2010 2:35 AM

Answers

  • The only way it's ever likely to be "supported" is through functionality built into the dashboard. if you're trying to install a certificate any other way, no, it's not supported.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, August 25, 2010 12:56 PM
    Moderator
  • Ken is correct. 
     
    You can choose either the free .homeserver.com domain name, which will provide a domain name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or you can choose a vanity domain name, which you will have to pay for with one of the two providers in the product today.  They will charge you what they feel is competitive for their services, and you can use a vanity domain name +certificate through this.
     
    There is supported way to manually configure your own domain and own cert outside of these two flows.
     
    Sean
     
     
     
    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...
    The only way it's ever likely to be "supported" is through functionality built into the dashboard. if you're trying to install a certificate any other way, no, it's not supported.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, August 25, 2010 6:49 PM
    Moderator

All replies

  • The only way it's ever likely to be "supported" is through functionality built into the dashboard. if you're trying to install a certificate any other way, no, it's not supported.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, August 25, 2010 12:56 PM
    Moderator
  • Ken is correct. 
     
    You can choose either the free .homeserver.com domain name, which will provide a domain name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or you can choose a vanity domain name, which you will have to pay for with one of the two providers in the product today.  They will charge you what they feel is competitive for their services, and you can use a vanity domain name +certificate through this.
     
    There is supported way to manually configure your own domain and own cert outside of these two flows.
     
    Sean
     
     
     
    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...
    The only way it's ever likely to be "supported" is through functionality built into the dashboard. if you're trying to install a certificate any other way, no, it's not supported.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, August 25, 2010 6:49 PM
    Moderator
  • Is the "foo" (foo.homeserver.com) in your reply the same as the 'foo' in "owata foo liam"?
    LOL
     
    Art [artfudd] Folden
    I'm a PC and Windows 7 sucks less!
    ----------------------------------------------
    "Sean Daniel - MSFT" wrote in message
    news:16963808-7d83-46df-90e7-9bbbb4f9d885@communitybridge.codeplex.com...
     Ken is correct.
     
    You can choose either the free .homeserver.com domain name, which will provide a domain
    name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or
    you can choose a vanity domain name, which you will have to pay for with one of the two
    providers in the product today.  They will charge you what they feel is competitive for
    their services, and you can use a vanity domain name +certificate through this.
     
    There is supported way to manually configure your own domain and own cert outside of these
    two flows.
     
    Sean
     
    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...
    The only way it's ever likely to be "supported" is through functionality built into the
    dashboard. if you're trying to install a certificate any other way, no, it's not
    supported.  I'm not on the WHS team, I just post a lot. :)
     
     
    Wednesday, August 25, 2010 7:12 PM
  • On Wed, 25 Aug 2010 19:12:05 +0000, artfudd wrote:

    Is the "foo" (foo.homeserver.com) in your reply the same as the 'foo' in "owata foo liam"?
    LOL

    http://en.wikipedia.org/wiki/Foo


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca

    Wednesday, August 25, 2010 7:49 PM
  • Excellent!
     
     
    Nice catch though.
       Sean
     
    "artfudd" wrote in message news:548dfbfe-88fa-4d2c-aa0c-c52371d232a3...
    Is the "foo" (foo.homeserver.com) in your reply the same as the 'foo' in "owata foo liam"?
    LOL
     
    Art [artfudd] Folden
    I'm a PC and Windows 7 sucks less!
    ----------------------------------------------
    "Sean Daniel - MSFT" wrote in message
    news:16963808-7d83-46df-90e7-9bbbb4f9d885@communitybridge.codeplex.com...
    Ken is correct.
     
    You can choose either the free .homeserver.com domain name, which will provide a domain
    name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or
    you can choose a vanity domain name, which you will have to pay for with one of the two
    providers in the product today.  They will charge you what they feel is competitive for
    their services, and you can use a vanity domain name +certificate through this.
     
    There is supported way to manually configure your own domain and own cert outside of these
    two flows.
     
    Sean
     
    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...
    The only way it's ever likely to be "supported" is through functionality built into the
    dashboard. if you're trying to install a certificate any other way, no, it's not
    supported.  I'm not on the WHS team, I just post a lot. :)
     
     
    Wednesday, August 25, 2010 7:51 PM
    Moderator
  • I've been known to use "Bob", "Carol", Ted", and "Alice" much the same way. :)
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, August 25, 2010 7:56 PM
    Moderator
  • On Wed, 25 Aug 2010 19:56:19 +0000, Ken Warren [MVP] wrote:

    I've been known to use "Bob", "Carol", Ted", and "Alice" much the same way. :)

    Alice, Bob, and Carol are typically used when discussing cryptography.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca

    Wednesday, August 25, 2010 8:37 PM
  • Thanks all for your replies.

    I have installed Vail refresh and purchased a domain name from eNomCentral using the Remote Access page setup wizard. I was then sent an SSL Certificate by email with instructions on how to install the certificate.

    From your replies, this is not how the setup is supposed to proceed.

    If I now try to register the domain name through the remote access page set up wizard, it fails every time, telling me that I need to purchase (which I have already done) and install an SSL certificate which I cannot do.

    Obivoiusly the procedure of implementing third party domains and their SSL Certificates is not as simple as using a microsoft domain. My efforts to resolve this issue with eNomCentral have failed to date and is more trouble for the average homeserver user than its worth.

    If nothing else at least I've learnt a lot about certificates.

     

    Thursday, August 26, 2010 12:54 AM
  • Hey, I heard it different . . . Owah ta goo Siam. :) So, I'd guess it should be goo.homeserver.com. :)

    Sorry, just couldn't resist.


    Nancy Ward
    Windows 8 BetaFerret

    "artfudd" wrote in message news:548dfbfe-88fa-4d2c-aa0c-c52371d232a3@communitybridge.codeplex.com...


    Is the "foo" (foo.homeserver.com) in your reply the same as the 'foo' in "owata foo liam"?
    LOL

    Art [artfudd] Folden
    I'm a PC and Windows 7 sucks less!
    ---------------------------------------------- "Sean Daniel - MSFT" wrote in message
    news:16963808-7d83-46df-90e7-9bbbb4f9d885@communitybridge.codeplex.com...
     Ken is correct.

    You can choose either the free .homeserver.com domain name, which will provide a domain
    name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or
    you can choose a vanity domain name, which you will have to pay for with one of the two
    providers in the product today.  They will charge you what they feel is competitive for
    their services, and you can use a vanity domain name +certificate through this.

    There is supported way to manually configure your own domain and own cert outside of these
    two flows.

    Sean

    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...
    The only way it's ever likely to be "supported" is through functionality built into the
    dashboard. if you're trying to install a certificate any other way, no, it's not
    supported.  I'm not on the WHS team, I just post a lot. :)


    Nancy Ward
    Thursday, August 26, 2010 3:52 AM
  • Further to above, after a long period discussion with the support people at eNomCentral over my problem, they believe that the procedure in the remote access setup page is defective and does not allow for implementation of third party domains and certificates into vail refresh.

    Over to you MS it looks like the balls in your court.

    Thursday, August 26, 2010 3:54 AM
  • Not that I'm going to go in that direction, but what are the two other providers of a vanity domain name? I like my computercare7.homeserver.com just fine.


    Nancy Ward
    Windows 8 BetaFerret

    "Sean Daniel - MSFT" wrote in message news:16963808-7d83-46df-90e7-9bbbb4f9d885@communitybridge.codeplex.com...




    Ken is correct.

    You can choose either the free .homeserver.com domain name, which will provide a domain name (e.g. foo.homeserver.com) and certificate for this domain at no extra cost to you, or you can choose a vanity domain name, which you will have to pay for with one of the two providers in the product today.  They will charge you what they feel is competitive for their services, and you can use a vanity domain name +certificate through this.

    There is supported way to manually configure your own domain and own cert outside of these two flows.

    Sean





    "Ken Warren" wrote in message news:e3258278-51e5-43e7-8592-45434cfcf700...

    The only way it's ever likely to be "supported" is through functionality built into the dashboard. if you're trying to install a certificate any other way, no, it's not supported.


    I'm not on the WHS team, I just post a lot. :)


    Nancy Ward
    Thursday, August 26, 2010 3:56 AM
  • Alice, Bob, and Carol are typically used when discussing cryptography.
    True, but I'm pretty sure I've been doing it longer (30+ years) than they have. :) Not that I write much code these days...
    I'm not on the WHS team, I just post a lot. :)
    Thursday, August 26, 2010 12:58 PM
    Moderator
  • There's certainly a technical specification document describing how Vail and a third party domain service will communicate. One possibility is that Microsoft didn't implement this in the current build of Vail, or that the implementation is broken. The other, of course, is that eNom doesn't have their side in place yet. My bet, since you received a certificate via email, is on eNom; they didn't deliver the certificate the way Vail expects to receive it.

    Note: you should certainly submit a bug on Connect if this isn't working for you. Whoever owns the actual bug, it's a Vail issue.


    I'm not on the WHS team, I just post a lot. :)

    Thursday, August 26, 2010 1:04 PM
    Moderator
  • Ok Thanks Ken  Will do.

    I've paid my money so I'd like to take my chances

    Phil

    Thursday, August 26, 2010 9:31 PM
  • As mentioned above, you cannot install the certificate yourself.  The reasoning is because while you can install the certificate into IIS, UI doesn’t exist in the product to install the certificate into TSGateway, so you cannot connect to PCs or server dashboards if you do this.
     
    If you want a Vanity domain name for your server, you MUST use our wizard, and you MUST use our partners.  Using our partners you can obtain both the certificate AND the domain name (or a certificate only if you already own the domain name) for your server, and we will programmatically obtain and install that certificate.
     
    Does this make sense?
       Sean
     
     
    "PC55" wrote in message news:b401c232-dc93-481c-886b-f05de1f266b3...

    Ok Thanks Ken  Will do.

    I've paid my money so I'd like to take my chances

    Phil

    Thursday, August 26, 2010 10:42 PM
    Moderator
  • Hi Sean

    To clarify, I did used YOUR WIZARD in the Remote Access Setup Page, opting to purchase a domain name and certificate from eNomcentral (YOUR PARTNER)

    This procedure resulted in an email to me from eNomCentral containing the certificate and instructions to install. -  I DO NOT WANT TO install the certificate but this is what occurred as a result of my purchase through the wizard, so obviously something is not in place to ensure the correct procedure occurrs with YOUR PARTNER.

    After I had purchased my Domain Name and continued with the set up page in the Wizard, It then tells me that for my Domain name to work  that I need to upgrade or update my service with eNomCentral. If I then click on the help link, it then says that I may need to purchase a Certificate from the provider which of course I have already done.

    Thats as far as I can get with the wizard and the only option is the cancel button.

    The procedure does work well with the Windows Live free domains.

    I will submit a bug on Connect

     

    Friday, August 27, 2010 7:44 AM
  • Thanks for submitting a bug, Phil. And I'd like to share the experience when I purchase domain name and certificate from eNomcentral. Hope it can resolve your problem.

    After I buy a new domain name and certficate from eNomCentral, I return to the wizard and go through the steps. I got  a result page telling me that "need to wait because certificate request is processing". Later I got several emails from ENom, first one is just order information, and second one is "RapidSSL Certificate Request Confirmation". It requires me to approve the certificate request from a link. I clicked the link and approved it. Then I got an email saying "order has been completed", and this email has the certificate string. I did nothing more on my Vail. After several hours or so, the domain name and certificate start working.

    From your description, it looks like you have reopen the set up page in the wizard. In this case, you don't need to pay again, you can just skip the purchase on the website and go through wizard directly.

    Tuesday, August 31, 2010 7:38 AM