This content has been marked as final. Show 7 replies
Solved it for the moment. reinstalled the test cert and the service restarted ok
Did you set the Server.Ssl.CertName variable to the hostname used in the cert in the sbhttp.ini file?
one question, where you get the certificate? I thought, SafeBoot only accept Verisign and SafeBoot's...
I will also recommend to enable the following options in sbhttp.ini to debug your problem...
(or some other level of log...)
You can generate your own certificate. You just need to add your internal CA to the trusted certificates (for whole server or the SB service). You will have to import the certificate into the SafeBoot web service itself. Make note of the name you give the certificate (subject), because that is how you reference it in SBHTTP.INI
I can put in more specifics, but I don't have that documentation with me at the moment.
We did our own certificate (not verisign). Putting your own certificate in helps get rid of the untrusted site warning on IE 6 and complete failure on IE 7.
As far as the freebies that come with SafeBoot, the current SafeBoot CA expired on 20Apr2008 and the server certificate (127.0.0.1) expires next year (I think).
How to generate SSL Certificate for safeboot using Microsoft CA? Any advise?
just create a server auth certificate, with the name being the full name of your server as the users will use (eg if the address is https:\\myserver.mycompany.com then the server name will be myserver.mycompany.com.
You then import it into the SafeBoot server like the built-in generic cert (only properly named). If I remember correctly, the certificate file must be in PFX format. Your Certificate Server admins should know how to do that (if not, you can convert it yourself using OpenSSL). Just make sure that you renew it before it expires, because it is easy to forget about that X years later.
Be sure to set your HTTP.INI (or the other one named similar, can't remember) to use the new certificate name.