Thursday, July 10, 2008

Windows SBS 2008 Certificate Installer

Windows Small Business Server 2008

Install Certificate Package

A couple of days ago, I made a post to help you understand the self-issued certificates.  Today I wanted to extend on that and show what's been built for 2008 to help you install the self-issued certificate.  If you open the Company Web Site inside the company, you'll notice an announcement that tells users how to obtain this package.  They can browse to "\\contoso-server\users\public downloads" on the server and obtain the zip file shown on the left.  This zip file can then be copied to a USB key or floppy drive and taken to the remote PC.  Alternatively, it can be run inside the network to install the certificate onto a Windows Mobile device that is connected to the user's PC.  It is not necessary to use this package on client computers that are joined to the domain because Group Policy will push the certificate to these client computers, for the case of a laptop that leaves the domain, it will already have the certificate installed in the trusted root store.

One thing to note, is that each time the Fix My Network wizard is run, it checks the validity of the certificate, if it's invalid, it'll go ahead and re-create the certificates and fix everything up for you.. including dropping a new package to the Public Downloads share.

Once you have the tool at the remote location, un-zip it, and run it.  The tool is very simple, and runs on XP SP2 or higher clients, including Vista.  When you run it, you will see the following UI:


As you can see from the screen shot, you can install the certificate on the remote PC, or any device running Windows Mobile 6.

While using self-issued certificates got easier with 2008, its still a pain to have to install the certificate every 5 years onto remote devices, it's far easier to use a Trusted Certificate.


jase said...

First, let me say that you are an absolute hero for any IT person trying to understand the entire security certificate issue. Thank you for your blog.

Second, I was wondering if you blog about intermediate certificates like the ones GoDaddy! provides? I have looked for, but could not find, a reference to how SBS 2008 deals with intermediate certificates and their distribution. I have also looked for an explanation of wildcard vs. ucc certificates.

I really appreciate your straight-forward writing style and your insight in general, thanks again.


Anonymous said...

Brilliant, this is the document I have been looking for.

Anonymous said...

how would i install this on windows 7 pro

Sean Daniel said...

If you're seeing a bug with this, feel free to post it up on It should work. As a work around, feel free to just import that certificate manually (by double clicking on it) into your personal trusted certificate store.