1

I want to use certificates to authenticate both client and server for a new internal service.

Since all our servers already have the SBS (2011 Standard) server's Cert installed as a Trusted Root, getting it to issue the new certificates seems like the right way to go.

All the documentation seems to indicate I should browse to SbsServer/certsrv but there's nothing at that address. I've tried adding all the Role Services through the ferature manager that seem like they may be relevant, but still nothing.

Do I need to use the web front-end to issue certificates? If so, how can I enable it? If not, is there a wizard I can use?

Bret Fisher
  • 3,973
  • 2
  • 21
  • 25
Basic
  • 426
  • 2
  • 9
  • 23
  • 1
    What specific version of SBS? The low-end one (essentials?) won't, period. – HopelessN00b Aug 01 '12 at 01:22
  • @HopelessN00b My apologies, I should've mentioned. It's "SBS 2011 Standard. Initially a trial installation then upgraded to Partner Network license. – Basic Aug 01 '12 at 02:25

1 Answers1

2

/certsrv is one of a few ways you can manually request certificates from a client. It's kind of the legacy way in Vista and newer. If you wanted to manually request a computer certificate on Vista/Win7:

  • Open a MMC
  • Add Certificates snap-in for Computer
  • Under Personal/Certificates, r-click and choose Request New Certificate
  • You should see a policy in the wizard you can use and should then see Computer certificate

The best way is to do it automatically through GPO. For computer certificate auto enroll:

  • Edit the Default Domain Policy (GPO)
  • Under Windows Settings > Security Settings > Public Key Policies
  • Open Certificate Services Client - Auto-Enrollment Properties and enable it, and check both boxes

On server you should have one or more MMC consoles for Certificate Services management, not sure if SBS2011 pulls those into it's mgmt GUI or not.

Bret Fisher
  • 3,973
  • 2
  • 21
  • 25