Renewing a 3rd Party SSL Certificate on SBS 2008

Here is how to renew a certificate that’s expired or about to expire on your SBS 2008 Server.

  1. Open the Windows SBS Console
  2. Click on Network
  3. Click on “Add a trusted Certificate”
  4. Click “Next”
  5. Click “I want to renew my Current Trusted Certificate with the same provider” Click Next.
  6. Click Save to file and save the file.
  7. In this case we’re using godaddy, so log into the godaddy website using you username and password.
  8. Purchase a SSL renewal if you’ve not already done so and then launch your SSL Certificate control panel.
  9. Click Request Certificate on the right hand side
  10. Copy the contents of the saved file from step 6 into the CSR section of the godaddy renewal wizard. Click Next on the CSR wizard twice. Click Finished on the CSR renewal wizard.
  11. Approve the confirmation email that godaddy sends, and then log back into your SSL Certificate control panel at godaddy.
  12. Wait for the Certificate to be processed, and then download the certificate with the updated expiration date. Select the Exchange 2010 download format.
  13. Extract the files to a folder, and then return to your “Add a trusted Certificate” wizard.
  14. Select the option for “I have a certificate from my certificate provider” and then click “Next”
  15. Click the “Browse” button and select the .crt file from the folder you just created. Click “Next”.
  16. Wait for the wizard to complete. If the wizard fails follow these instructions:
  17. Right click on your .crt file and select install. Follow the wizard to install it.
  18. Open your TS Gateway Manager, verify that on the “SSL Certificate” tab the proper certificate and expiration date are listed”
  19. Open your Exchange Management Shell
  20. Run the following command and make not of the new certificate’s thumbprint. “Dir cert:\LocalMachine\MY | fl
  21. Run a “get-exchangecertificate | fl” to see a list of all certificates and what services they are tied to.
  22. Verify that the newly installed certificate is configured for IIS, and any other services it should be attached to.
  23. Connect to https://127.0.0.1/owa and verify that the certificate being used is the newest certificate.
  24. If IIS is not using the correct certificate you’ll need to run this command from the exchange management shell: Enable-ExchangeCertificate –Thumbprint XXXXXXXXXXXXXXXXXXXXX –services “iis,IMAP,POP” where the XXX is the new thumbprint and the services listed are the ones that should be using the new cert.

Note: if you need more information on install the certificate in exchange you can read this.

Note: if you can’t figure out where the “TS Gateway Manager” you can read a write up on how to enable it here.

7 thoughts on “Renewing a 3rd Party SSL Certificate on SBS 2008

  1. Fraser

    For SBS 2008 should the download type from GoDaddy be exchange 07 or 10 as listed above ? I am leading towards 07 as that comes with SBS 08, so want to make sure.

    Reply
    1. Sean LaBrie

      Really,

      it’s almost the same process for both, exchange 2007 requires you to use the command line to install it, and exchange 2010 does not, but the cert and the intermediate cert are the same.

      Thanks,

      Sean

      Reply
  2. Monir

    OMG you hero .. Many thanks for the write up. You have saved me loads of time.

    I have an SBS 2008 box; I was confused by why I had to download the Exchange 2010 version certificate as opposed to exchange 2007 . I followed the steps above and hey presto all is well.

    Reply
  3. Adrian Hutchinson

    Zillions of blogs about certificates, yours is the only one I can find to simply describe renewing what you already have. Brilliant, thanks very much.

    Reply
  4. Pingback: Godaddy Ssl Cert Sbs 2008 – +ADw-/title+AD4-Hacked By TURKHACKTEAM.ORG Putin, knowingly and willfully planned airplane attack and the citizen on death. This has caused you to be you're a traitor. Now the citizens of nationalist feelings of the Russ

Leave a Reply

Your email address will not be published. Required fields are marked *