Monday, September 28, 2009

Installing a SSL Certificate on SBS 2008

The Short Story:
Want a cheap but trusted SSL certificate for SBS 2008? GeoTrust's RapidSSL certs are $19.95 per year through eNomCentral and seem to be trusted by enough devices to make me a happy camper. eNomCentral has a few minor downsides (see below for the whole story), but all in all it was a fine experience. The remote site works, Connect to a Computer works, the only thing left to test is Outlook Anywhere, but that is for another day (EDIT: Outlook Anywhere works flawless!). You can test out the RapidSSL cert for free for 30 days using the FreeSSL option just to make sure it fits your needs.

The Long Story:
The time has come to install a SSL certificate on my SBS 2008 server. I recommend reading this amazing post by Sean Daniel which held my hand through most of my ordeal. I decided to go to to get my cert since it's one of the three major registrars that SBS 2008 supports for automatically handling your public DNS settings. While I don't plan on using that service, at least I know there's a relationship between SBS 2008 and I hoped that that would bode well for me.

On enomcentral's site, I perused through the available SSL certificates and honed in on GeoTrust's RapidSSL certificate. Verisign certs were absurdly expensive and SBS Certificates (The SBS stands for Secure Business Services and not Small Business Server -- that was a bit confusing at first) seemed just a tiny but seedy based on my limited research. I know the name GeoTrust and figured that there was no doubt it would be trusted by most devices. Also, GeoTrust RapidSSL certs were $19.99 as opposed to SBS Instant certs being $29.95. I picked a 5 year certificate.

I quickly searched for any coupon codes that might be applicable at the enomcentral checkout but came up empty. In the process I discovered that enomcentral might not the place to go to get your domain names registered or web site hosted due to some customer service issues. Nice to know Microsoft joined forces with them to promote SBS 2008.

I clicked purchase and waited for a moment. Suddenly I saw a screen that said "Thank you for your purchase!" with an order number. No web page invoice or even instructions on what to do or expect next. Nice. I'm already feeling slightly alienated. I checked my mail and there was an "Order Status" email that had instructions. Okay, we're doing a little better now.

I went to my enomcentral account, went to the "SSL Certificates" drop down menu and selected "manage". After waiting for an inordinate amount of time for the page to load (this is not an uncommon thing for the enomcentral web site) I saw my lone RapidSSL cert in the listing of certificates that I owned. Its status was "Awaiting Configuration". The name of the cert was a hyperlink and I clicked it. From there I was able to edit the information for the cert.

I filled out the contact information with my info and one other person's info as a secondary contact. In the process, I nearly forgot to change the CSR source information. It by default is set to "eNom Hosting" rather than "Outside Hosting" which is what I needed. From there I looked to select my web server type and was horrified to see only IIS versions 4, 5 and 6. No IIS 7. I tried to search for a tech support email address but my search was not aided by the fact that their website is apparently using bandwidth on a shared 28.8k modem dialing through AOL over 12 pound test fishing line.

I searched through their support center and only one article came back for "IIS7" and it was simply a two sentence "article" explaining that IIS7 was not available as a hosted service and only IIS6 was offered. However, I was able to submit a support ticket through that system and hoped I wouldn't receive the same bad customer service that others had written about online.

I checked the RapidSSL site itself and it seems that the certs support IIS7. I suspected that if there was an issue with IIS7 it was enomcentral's fault for being behind. Happily, within about an hour I received a response from tech support!

Thank you for contacting Technical Support. I'll be happy to answer your questions.

When you are configuring the cert on our site, please choose IIS6. This option will not affect the cert in any way and only has to do with server identification for the cert manufacturer.

I hope this has provided answers to your satisfaction. If you have any additional questions regarding this matter, please let us know.

Thank you for choosing us as your domain name registrar, we appreciate your business.

Best Regards,
Ben H.
Technical Support
I was slightly skeptical, but nonetheless I selected IIS6 as the web server type and pasted in the CSR text that SBS 2008 generated. With trepidation I clicked "Submit Certificate Details". Fortunately, the pack mules they use to tranfer data between me and their web site must have had some Red Bull because the response was quick. I then had to select which approval email I wanted to use. With that done, I was sent back to the "Manage SSL Certificates" page and the status was now "Processing". I checked my mail and within one minute I recevied the certificate request email. I simply had to click through a special URL and selected either "I Approve" or "I Disapprove". After approving it I was informed with the following:
Your order is pending a final quality review prior to issuance. This review is normally completed within one business day. For more information on why your order was selected for final quality review visit our FAQs at
 It was already almost 5PM Eastern time when I submitted it so I expected it to not be released until the next day. 21 hours later it was released and emailed to me in text format. I followed these instructions from the official SBS blog to install the certificate by pasting the text into the cert wizard. Mere seconds later I was greeted with a successful notification. The Remote Web Workplace was secured and all worked well.

And peace reigned in the land.

1 comment:

  1. This comment has been removed by a blog administrator.