I'm managed to get the WebRecovery up and running once with the test cert but following removal and installation of our own cert the Safeboot HTTP Service won't start. I've tried reinstalling the Test cert again but the web service starts but closes straight away. Anyone got any ideas?
hi, one question, where you get the certificate? I thought, SafeBoot only accept Verisign and SafeBoot's... I will also recommend to enable the following options in sbhttp.ini to debug your problem... Server.Log.FileName=/xxx.log Server.Log.Flags=00000005 (or some other level of log...)
You can generate your own certificate. You just need to add your internal CA to the trusted certificates (for whole server or the SB service). You will have to import the certificate into the SafeBoot web service itself. Make note of the name you give the certificate (subject), because that is how you reference it in SBHTTP.INI
I can put in more specifics, but I don't have that documentation with me at the moment.
We did our own certificate (not verisign). Putting your own certificate in helps get rid of the untrusted site warning on IE 6 and complete failure on IE 7.
As far as the freebies that come with SafeBoot, the current SafeBoot CA expired on 20Apr2008 and the server certificate (127.0.0.1) expires next year (I think).
just create a server auth certificate, with the name being the full name of your server as the users will use (eg if the address is https:\\myserver.mycompany.com then the server name will be myserver.mycompany.com.
You then import it into the SafeBoot server like the built-in generic cert (only properly named). If I remember correctly, the certificate file must be in PFX format. Your Certificate Server admins should know how to do that (if not, you can convert it yourself using OpenSSL). Just make sure that you renew it before it expires, because it is easy to forget about that X years later.
Be sure to set your HTTP.INI (or the other one named similar, can't remember) to use the new certificate name.