7 Replies Latest reply on Nov 17, 2008 11:00 PM by mrgui

    Web Recovery

      I'm managed to get the WebRecovery up and running once with the test cert but following removal and installation of our own cert the Safeboot HTTP Service won't start. I've tried reinstalling the Test cert again but the web service starts but closes straight away. Anyone got any ideas?
        • 1. RE: Web Recovery
          Solved it for the moment. reinstalled the test cert and the service restarted ok
          • 2. RE: Web Recovery
            mnovelle
            Did you set the Server.Ssl.CertName variable to the hostname used in the cert in the sbhttp.ini file?
            • 3. RE: Web Recovery
              HenryC
              hi,
              one question, where you get the certificate? I thought, SafeBoot only accept Verisign and SafeBoot's...
              I will also recommend to enable the following options in sbhttp.ini to debug your problem...
              Server.Log.FileName=/xxx.log
              Server.Log.Flags=00000005
              (or some other level of log...)
              • 4. RE: Web Recovery
                You can generate your own certificate. You just need to add your internal CA to the trusted certificates (for whole server or the SB service). You will have to import the certificate into the SafeBoot web service itself. Make note of the name you give the certificate (subject), because that is how you reference it in SBHTTP.INI

                I can put in more specifics, but I don't have that documentation with me at the moment.

                We did our own certificate (not verisign). Putting your own certificate in helps get rid of the untrusted site warning on IE 6 and complete failure on IE 7.

                As far as the freebies that come with SafeBoot, the current SafeBoot CA expired on 20Apr2008 and the server certificate (127.0.0.1) expires next year (I think).
                • 5. RE: Web Recovery

                  How to generate SSL Certificate for safeboot using Microsoft CA? Any advise?
                  • 6. RE: Web Recovery
                    just create a server auth certificate, with the name being the full name of your server as the users will use (eg if the address is https:\\myserver.mycompany.com then the server name will be myserver.mycompany.com.
                    • 7. RE: Web Recovery
                      You then import it into the SafeBoot server like the built-in generic cert (only properly named). If I remember correctly, the certificate file must be in PFX format. Your Certificate Server admins should know how to do that (if not, you can convert it yourself using OpenSSL). Just make sure that you renew it before it expires, because it is easy to forget about that X years later.

                      Be sure to set your HTTP.INI (or the other one named similar, can't remember) to use the new certificate name.