Manage Self-Issued Certificates

Applies To: Windows SBS 2008

Because of the cost of purchasing trusted certificates, many small businesses use the self-issued certificate to help secure remote access to their network. A self-issued, certificate is warranted by the person or entity who created the certificate.

During installation, Windows SBS 2008 creates the root certificate by using the internal domain name and then stores it in the certificate authority. The certificate authority pushes the certificate via a Group Policy object to all client computers that are joined to the domain.

When you finish running the Internet Address Management Wizard, Windows SBS 2008 creates a leaf certificate by using the Internet domain name that you set up. This self-issued certificate is used to help protect remote access to your network that uses Remote Web Workplace, Microsoft® Office Outlook® Web Access, or Office Outlook Mobile Access.

The self-issued root certificate is a 1024-bit key that is issued for five years. Before the expiration date, you receive a warning that the self-issued certificate is expiring. When you receive the warning, you must run the Fix My Network Wizard to renew it, and redistribute the root certificate to all the remote client computers and devices. The leaf-certificate will automatically renew every two years and does not affect your users’ connectivity to the server. For information about running the wizard, see Fixing Network Problems, later in this document.