SBS 2011 Certificate Installation

You will need these SBS 2011 Certificate installation instructions if you are using a self-signed SSL certificate and and of the following apply:-

  • You connect to your SBS 2011 server from a PC at home for Outlook, Remote Web Access or Outlook Web Access
  • Your company server was upgraded to SBS 2011 and your Outlook isn’t working, mentioning certificates
  • Your server’s certificate expired and had to be re-generated

Here’s what you need to do:

  1. Find out your Remote Web Access address, and enter it into Internet Explorer
  2. You will be greeted with a certificate warning – “continue to this website” anyway
  3. Log in using your network username and password
  4. When you are logged in, from the ‘Shared Folders’ section choose ‘Public’ (if you don’t see Public, click the ‘Shared Folders’ heading)
  5. Inside Public is Downloads
  6. Inside Downloads is Certificate Distribution Package – typically it is easier to do this than try to download the zip file and extract it.
  7. Click the ‘SBSCertificate.cer’ and choose to Open it
  8. Click ‘Install Certificate’ and then Next
  9. You need to choose to ‘Place all certificates in the following store’ and then click Browse
  10. Choose ‘Trusted Root Certification Authorities’ and press OK
  11. Click Next, Finish, Yes, Ok.

From here you should close Internet Explorer, and then re-open it and re-visit the Remote Web Access addres (Step 1). You should NOT be greeted with a certificate warning at this point. If you are, you probably didn’t install the certificate in the Trusted Root Certification Authorities section.

You can now use Remote Web Access, Outlook Web Access and the Remote Desktop Gateway services of SBS 2011.

Why is this needed?

What is happening is that certificates used in secure communications (HTTPS, often used by websites like banks where you see the little padlock symbol) are issued to a computer by an issuing authority. Your computer already knows about the common ones, Verisign etc. But the server has issued it’s own certificate, under it’s own authority. Your computer does not recognise your company’s server’s authority to issue certificates, so we are adding the company server to the list of servers whose certificates we trust.