RESET Forums (homeservershow.com)

Anywhere Access SSL issue



wiseguju

I have recently replaced my WHS 2011 with Server 2012 R2 Essentials.  It's a clean install.  The router on the network is a Netgear R7000 with UPnP enabled, a static IP assigned to the server, and ports 80 and 443 forwarded as well.

 

The issue is that the website sets up without issues.  But when I go to access the site, I have a certificate issue stating that it does not match the site address.  I created the CSR request through the wizard for Anywhere Access and got the certificate issued from GoDaddy.  When I map the hostname to IP from outside the network, it is pointing at the wrong IP address.  I am dumbfounded as to where the CSR on Server 2012 is pulling that IP address from.  I have talked to GoDaddy for support and they have said that the server is creating the CSR request, so it is an issue with the server and they do not support that.

 

So for example my issue is as follows:

 

My external IP is 123.456.78.99, but when the server generates the CSR which is sent to GoDaddy for the certificate, they have told me that it has a completely different IP address configured and not my current IP address.  The particular IP address configured is my old IP address, which I lost when we had a power outage and I was assigned the current IP by my ISP.  The weird thing is that Server 2012 did not exist when this happened, so how is it that a new/clean install of Server 2012 keeps finding that old IP address during the CSR creation?

 

I am stumped with this issue and unable to use my hostname to access the site, and instead have to use the actual IP address to connect to the site, and even then have to deal with the certificate error as the hostname does not match the IP address I'm trying to access.

 

I'm hoping someone has faced this issue before and is able to give some guidance in fixing it.  Thanks in advance.

jmwills

There are several threads on the Forums regarding using GoDaddy certs and Anywhere Access.  Not saying it can't be done, but it seems to be a pain.

 

https://social.technet.microsoft.com/forums/windowsserver/en-US/42a01278-9283-49a8-91f4-0cf4b003fb6c/godaddy-anywhere-access-setup. One thing to note in the article is it refers to a firewall issue, this may or may not be your problem.

 

http://blogs.technet.com/b/sbs/archive/2011/08/04/how-to-install-your-existing-certificate-into-sbs-essentials.aspx Both articles refer to SBS Essentials, but this is basically the same as the SKU you are trying to install.

Drashna Jaelre

You also need to install GoDaddy's Intermediate Certification Authority to get this working properly, IIRC.

 

https://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7

 

 

If you're using the Anywhere Access wizard, once you've installed the intermediate CA, it should import and configure it automatically.

wiseguju

So I have tried and exhausted all that was suggested.  The issue still remains.  For some reason, when the CSR is generated for the certificate request by Server 2012, it is not providing the correct IP address in the CSR.  I have verified with GoDaddy support, and they have looked at the CSR generated from the server and uploaded through the request process, and it is providing the wrong IP address in the request, so the issue is not with the certificates I'm using.  If I use the actual IP address then I am able to connect to the site, but the domain address points to the IP address which was provided by the CSR request generated by Windows Server 2012.

 

This is a unique issue that has me stumped big time.  :(   


My first thought is why are you trying to generate a CSR that includes the IP at all, especially since it sounds like you don't have a static IP?  If I'm reading other things in your posts correctly, every time there is a power outage or your router needs to reboot for some reason, you run the risk that your IP will change and the certificate will no longer be valid.  You should be able to issue the certificate for the fully qualified domain name (FQDN/hostname) you want to use (assuming it's a valid public FQDN).  Then as long as you can update the IP address of that name, you'll be able to connect to it no matter what your IP address does.

 

I believe that Server Essentials gets the IP address of the router through UPnP, so maybe the UPnP daemon on the router is locked up and reporting the wrong IP address?

 

I also find it weird that GoDaddy is even issuing certificates that are only bound to an IP and not to the domain name.

  • 3 weeks later...
LoneWolf

Andne is right - GoDaddy should issue you a certificate bound to the domain name, not to an IP address.

 

As said, it sounds like you don't have a static IP, so even if you could get this sorted out by IP, all it would take is losing that IP for everything to break again.

Edited by LoneWolf
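
Added example, not part of any post in this thread: the replies above separate two checks that are easy to conflate, namely whether the certificate covers the name typed into the browser and whether the hostname's DNS record still points at the current external address. The sketch below runs both over a certificate in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; the hostname, addresses and certificate are constructed sample values, and `diagnose` and its finding labels are hypothetical names.

```python
import ipaddress

# Constructed sample: a certificate issued for the FQDN only (no IP SAN).
SAMPLE_CERT = {"subject": ((("commonName", "remote.example.com"),),),
               "subjectAltName": (("DNS", "remote.example.com"),)}

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Compare one DNS SAN with a hostname. Simplification: '*' is accepted
    only as the entire left-most label, and never directly under a TLD."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, name):
    """True if the certificate's subjectAltName list covers `name`.
    IP literals match only 'IP Address' entries, hostnames only 'DNS' ones."""
    sans = cert.get("subjectAltName", ())
    if is_ip(name):
        want = ipaddress.ip_address(name)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want
                   for k, v in sans)
    return any(k == "DNS" and dns_match(v, name) for k, v in sans)

def diagnose(url_host, cert, dns_answers, current_wan_ip):
    """Return findings for the name in the URL (hypothetical labels).
    dns_answers: A records seen from outside; current_wan_ip: router's address."""
    findings = []
    if not cert_covers(cert, url_host):
        findings.append("cert-name-mismatch")   # browser shows a name error
    if not is_ip(url_host) and current_wan_ip not in dns_answers:
        findings.append("stale-dns-record")     # name resolves elsewhere
    return findings

if __name__ == "__main__":
    old_ip, new_ip = "198.51.100.7", "203.0.113.25"   # documentation ranges
    print(diagnose("remote.example.com", SAMPLE_CERT, [old_ip], new_ip))
    print(diagnose(new_ip, SAMPLE_CERT, [old_ip], new_ip))
    print(diagnose("remote.example.com", SAMPLE_CERT, [new_ip], new_ip))
```

A `stale-dns-record` finding is fixed at the DNS provider or dynamic DNS client and needs no new certificate, while `cert-name-mismatch` when browsing by IP is expected for a certificate that lists only the FQDN.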
