RESET Forums (homeservershow.com)

Certificate Error


whsvet

Guys,

I had this (somewhat minor) issue with WHS v1 and now with Vail. When I try to connect to the Console (v1) or Dashboard (v2) through my Remote Web Access webpages, I receive the certificate warning, stating "This certificate is not from a trusted certifying authority." I have tried the "Install Certificate" options, but continue to receive the error. It is no problem to click through, and I know I can allow it to be ignored, but I just dislike error messages! It seems rather inelegant. Is there a way to fix this? I hope this topic has not been discussed previously; I searched the forums and did not find it. Thanks in advance for any advice.


Is this a homebuilt server, or one of the OEM ones? It seems you are missing the root certificate of the entity that has created the certificates of your server.


Both my WHS v1 and Vail boxes are home builds.

 

I can find a certificate that contains the name of my server located in both the "Trusted Root Certification Authorities" and "Intermediate Certification Authorities" stores.


I have this problem too. I have 'installed' the certificate into my Trusted Root Authorities store more times than I can count, to no avail. Since these are my own boxes, I naturally just click past the warning message but 1) it's annoying and 2) with Strict Transport Security coming on, clicking past a warning won't be possible, so I would like to find a resolution.


The only other thing that comes to mind would be an expired cert for that site. If the dates are valid then I would remove all associated with the servers and reinstall them, which is done during the client connection process if I am not mistaken.


ikon: Thanks! I was beginning to think I was the only one having this issue! I may have found a fix for this, after much trial and error, and a good amount of searching. I now have 2 of my client computers connecting without the certificate error message, but I have run into some other snags. When I get it worked out (may be a few days), I'll post the steps here for all to critique. This fix seems to have worked on a homebuilt Vail server and two Win 7 clients.


I too made some progress, even if only a little. You inspired me to get off my lard-loaded-lounger. Anyway, all I did was fix webmail access to my email server. The server uses a self-signed cert. I simply copied the cert file to my PC & double clicked on it to install it. I added it to the Root Authority. One down, around 3 more to go. :)


Ok, guys, here is the protocol I used to install into a Win 7 client the correct certificates for logging into WHS Vail. Installing certificates using the "Install Certificate" buttons just would not work for me. It seems that such a button would do what it says it does, but, ... oh, well. Be sure to do this on a secure local network, as you will be transferring your private certificate authority certs around in the clear! I have not tried this with WHS v1 or Win XP or Vista, but I would think the protocol would be very similar.

 

First, log into Vail using RDP (yes, click through the certificate error message by selecting the connect anyway option). Optionally, you can use an attached keyboard/mouse/monitor to log on.

 

In the Start menu search box, type "MMC".

 

mmc.exe will appear highlighted at the top of the popup list. Tap the "enter" key. A new console will open.

 

Left click "File" then select "Add/Remove Snap-in...".

 

In the left column, select "Certificates", then click "ADD>", then select "Computer account", then "Next", make sure "Local computer: (the computer this console is running on)" is selected.

 

Click "Finish", then "OK". The certificates branch is now added to the Console root.

 

Expand "Certificates", then expand "Trusted Root Certification Authorities". Another "Certificates" folder appears under this branch. Left click this "Certificates" item.

 

Several CA certificates will appear in the right pane. The one you want contains the name you gave your server when you set it up originally. Mine is named "VAILSERVER810-CA". Right click this certificate, then select "All Tasks" > "Export..."

 

The Certificate Export Wizard opens. Click "Next".

 

Make sure "DER encoded binary X.509 (.cer)" is selected, then click "Next".

 

Now browse to a shared location on your client computer such as "Desktop" or "Public Documents" where you can easily find the certificate when you do the import steps that follow. You could use a CD, DVD, or USB drive for this transfer if you like. In the File name: box type the same name that is already given to the cert (in my case, "VAILSERVER810-CA") and click "Save". In the next window double check the path, then click "Next", then "Finish". The happy sign should appear: "The export was successful." Click "OK", then close the console. If you want, you can save this newly-created console on the server desktop for future use (other clients, mistypes,...), or just close without saving (you can recreate it if needed).

 

Log out of the Vail server. On your way to the client computer, stop by the refrigerator for your beverage of choice :rolleyes:.

 

Now, on the Win 7 client computer, log on with administrator privileges. In the Start menu search box, type "MMC".

 

mmc.exe will appear highlighted at the top of the popup list. Tap the "enter" key. Click through the UAC stuff. A new console will open.

 

Left click "File" then select "Add/Remove Snap-in...".

 

In the left column, select "Certificates", then "Add>".

 

Select "Computer account" in the "Certificates snap-in" window, then "Next".

 

Make sure "Local computer: (the computer this console is running on)" is selected in the next window, then click "Finish", then "OK".

 

A new branch appears under the Console root, named "Certificates (Local Computer)". Expand this branch, then expand "Trusted Root Certification Authorities" as above. A file named "Certificates" appears as above. Right click this folder, then select "All Tasks" > "Import..."

 

The Certificate Import Wizard opens. Click "Next".

 

Browse to the location of the cert you exported to this computer, and select it. Click "Next".

 

Select "Place all certificates in the following store". Browse to and select the "Trusted Root Certification Authorities" store, click "OK", then "Next".

 

Review the info in the window to make sure it looks correct, then select "Finish".

 

You should now get the happy sign: "The import was successful". Click "OK". Close the console either saving or not depending on your preferences. I did not save mine, as they can be rebuilt as needed. You should also delete the CA cert from the export/import location, as the import process leaves a copy there.

 

At this point, you should be able to RDP in to the Vail server from this client computer, or connect to the Dashboard locally or through Remote Web Access from this computer without encountering the trusted certificate authority error.

 

I used a similar protocol to load RDP certificates from my other Win 7 clients, so that I no longer get this error when I RDP into them as well. If anyone is interested, I can post those steps as well.

 

As I stated at the beginning, I went through some trial and error. I exported/imported certs that appeared to do nothing, so I used the Certificate Console to delete them. I did not mess up anything that I have noticed yet. Just don't delete any certs you did not import!

 

Let me know how this works for you.

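The client-side import steps from the post above, written as a script for the Windows 7 client. This is an added example, not part of the original post: it checks the exported file before trusting it (public certificate only, self-signed, within its validity dates, thumbprint matching the one read on the server) and then adds it to the machine's Trusted Root store. The file location and the `-ExpectedThumbprint` parameter are assumptions; the certificate name is the one from the post.

```powershell
# Added example, not from the original post. Run elevated on the Windows 7 client.
param(
    # Assumed export location; the file name is the one used in the post.
    [string]$CerPath = "$env:PUBLIC\Documents\VAILSERVER810-CA.cer",
    # Assumed input: thumbprint read from the certificate's Details tab on the server.
    [string]$ExpectedThumbprint = ''
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

# A .cer export carries only the public certificate; a private key means the wrong file.
if ($cert.HasPrivateKey) { throw "File contains a private key; export as DER .cer instead." }

# A root CA certificate is self-signed: subject and issuer are identical.
if ($cert.Subject -ne $cert.Issuer) { throw "Not a root certificate: issued by $($cert.Issuer)" }

# An expired (or not yet valid) root still produces certificate warnings.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# The file crossed the network, so compare it with the thumbprint read on the server.
# Stripping non-hex characters tolerates the spaces the certificate dialog inserts.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if (-not $expected) {
    Write-Output "Thumbprint of file: $($cert.Thumbprint). Re-run with -ExpectedThumbprint."
    return
}
if ($cert.Thumbprint -ne $expected) { throw "Thumbprint mismatch; do not import this file." }

# Same store the MMC steps target: Certificates (Local Computer) > Trusted Root.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
try {
    $store.Open('ReadWrite')
    $store.Add($cert)
}
finally { $store.Close() }

# The post advises deleting the transferred copy once the import succeeds.
Remove-Item -LiteralPath $CerPath
Write-Output "Imported $($cert.Subject) into LocalMachine\Root"
```

Run without `-ExpectedThumbprint` first to print the file's thumbprint, compare it by eye with the server's copy, then run again with the value to perform the import.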

Nice writeup. Thanks. Correct me if I'm wrong, but you're basically describing how to export a certificate from Vail and import into Win7. Out of curiosity, did you try to double-click the .CER file after copying the file to the Win7 puter, like I did for my email server's cert?

 

BTW, I stopped by your refrigerator but you didn't have my beverage of choice; try to keep it better stocked in the future, OK? j/k :D:rolleyes:
