HP 1.3-R1 Update delivers signed SSL certificate from TZO

by Alex Kuretz on January 22, 2009 · 12 comments

in News

If you’ve used the Remote Access features of your MediaSmart Server with a TZO domain name, no doubt you’ve encountered the Certificate Warning as shown below in Internet Explorer and Firefox.

IE Certificate Warning

IE Certificate Warning

Firefox Certificate Warning

Firefox Certificate Warning

This issue also affected users of the Homeserver.com domain provided by Windows Home Server until a few months after the initial release when they began delivering an SSL certificate for your domain name. Along with all the other new features, the certificate issue has been resolved in the new EX485 and EX487 MediaSmart Servers, and HP has begun sharing the first of those upgrades with the current EX47x owners.

HP and TZO are now delivering a Comodo issued 5 year signed SSL certificate so that users of the TZO domain name no longer experience these warnings. This certificate has an advantage over the Homeserver.com offering, as the cert also includes valid names for localhost and your server’s NETBIOS (the name you gave your server at initial setup) name for local LAN access.

Certificates on the MediaSmart Server

Certificates on the MediaSmart Server

If you already have a TZO domain you will need to visit the Domain Name section of the Remote Access settings tab, and either select Change, or Unconfigure and then Configure the domain name again to pick up the certificate.

Configure your Domain Name

Configure your Domain Name

This is a nice gesture from HP showing that they haven’t forgotten the original MediaSmart Server customers. Thanks HP and TZO, for making our MediaSmart Servers that much easier and nicer to use!

Additional thoughts
WARNING:I’m not an expert on IIS or certificates, so if you decide to follow my steps below you do so at your own risk. My server works fine after performing the following operations, but it is not necessary to do these steps, your server will work fine by simply installing the 1.3-R1 update and reconfiguring your TZO domain to get the new signed cert. I only did this because I like to try new things on my server and didn’t like the RDP certificate warning.

I did encounter a minor issue with the installation of the new certificate. It seems HP neglects to remove the old certificates configured on the server, and so when making a Remote Desktop Connection from Vista you are presented with a certificate warning.

Vista Remote Desktop Connection Certificate warning

Vista Remote Desktop Connection Certificate warning

I was able to resolve this by deleting the certificate under the HPMSSKeys store and the HPSERVER and SERVERNAME (where SERVERNAME is the name you gave your server at initial setup) keys from the Personal store. After removing those certificates, I still get an identity warning prompt but the certificate warning is gone.

Vista Remote Desktop Connection Identity warning

Vista Remote Desktop Connection Identity warning

However, this removes the certificate that Windows Home Server uses for secure communication and will break the ability to join additional clients. To resolve this issue, I had to replace the certificate that is configured to work with IIS.

IIS Configuration

IIS Configuration

Here are the steps to update IIS to use the new certificate.

  • Access your server via Remote Desktop
  • Right-click “Computer” and select Properties
  • Expand “Services and Applications”, then expand “Internet Information Services”
  • Right-click “WHS site” and select Properties
  • Select Directory Security tab, then click “Server Certificate”
  • Click “Next”, then “Replace the current certificate”, then select the “PositiveSSL” certificate and click “Next”
  • Click “Next”, then “Finish”

Note that this is a very minor issue and likely won’t affect most users. Unless you feel comfortable manipulating your certificates I would advise you to not make this change. If you do decide to view the certificates on your home server, here are the steps you’ll need.

  • Access your server via Remote Desktop
  • Click “Start” and then “Run”
  • Type “mmc” without the quotes
  • Click “File” and then “Add/Remove Snap-in”
  • Click “Add”, select “Certificates”, and click “Add”
  • Select “Computer Account”, then click “Next”, then click “Finish”
  • Click “Close”, then click “Ok”
  • You should now be able to view your certificates

Reminder: you do this at your own risk.





Article by

I'm Alex Kuretz, and I'm the founder of MediaSmartServer.net. I was the Lead Test and Integration Engineer at HP for the MediaSmart Server until April 2008 when I moved on to other opportunities outside HP. I've kept active in the Windows Home Server community, creating several add-ins and helping users make the most of their Home Servers.


{ 9 comments }

Eric at TZO January 23, 2009 at 9:18 am

Thanks for the update Alex, we’ve been working hard with HP and Comodo to supply these certs for both new and old MediaSmart customers.

One note: If you have a HP Personal Domain name and update to the new 1.3R1 update, you should perform an UNCONFIGURE and then simply step through the Hp Personal Domain selections again. The data will all be saved and you’ll just need to hit NEXT at each screen. This will bring down the new cert when this is completed. Please note that it takes about 30 seconds after the final NEXT/OK to install the certificate. If you attempt to load your browser with the domain name during this process, you may get a security warning. Please wait 1 min before attempting to connect to your server via SSL

Eric at TZO January 23, 2009 at 11:01 am

Details on the SSL Certificates are at a new page at TZO.COM

http://www.tzo.com/MainPageSupport/HowToPage/HowToHPMediaSmartServer-SSL-Tips.html

Gary Manuse January 23, 2009 at 2:59 pm

Thanks for the details. Did everything you said; and it worked great!

Alex Kuretz January 24, 2009 at 1:30 am

Thanks Gary, this is great to hear. I have to admit to a bit of trepidation whenever I tell users how to do something that may break their servers. :D

Lars Hoffmann January 24, 2009 at 6:47 pm

Thanks to TZO and HP for giving all MSS users this gift. This truely improves the experience because Webshare users don’t see the annoying message anymore.

James Wolfe January 25, 2009 at 1:23 am

Sorry, this did not work for me. First, the update caused the console to freeze, which required a rdc login to reboot. Then I “unconfigured” my hphomeserver.com domain and stepped through the prompts (as Eric at TZO described) to re-aquire the new certificate, but the certificate security error still occurs. Have I done something wrong?

Ivan January 25, 2009 at 10:10 pm

Worked great for me. Much better experience when accessing the server remotely. Thanks for sharing.

Alex Kuretz January 28, 2009 at 1:36 am

Hi James, I’d suggest if you’re still having issues that you post a topic in the Troubleshooting forum, or add on to one of the existing topics about the 1.3-R1 update. This way the entire MSS.net community can help you troubleshoot and hopefully we can get things working.

Alex

Glyn Hughes February 23, 2009 at 1:19 am

As Eric from TZO has posted in this thread I thought I would post my own experience of the once excellent TZO Support experience as Eric obviously does not read emails arriving at TZO HQ.

24/1/09 SSL Certificate update failed. TZO domain expiry went from 32+ weeks to 3 days. And no SSL Certificate.

26/1/09 Emailed TZO as all attempts to resolve had failed. Received Auto-Reply with case number.

27/1/09 Domain now expired. No Remote Access, Photo Webshare, Websites etc. Critical warning from MSS & red LED on for 1st time in over 12 months.

29/1/09 Reminder sent as apart from original auto-responder I had heard nothing in the 5 days since Auto-Responder.

30/1/09 Yet another reminder sent as no remote access issue really starting to bite.

1/2/09 First reply! TZO are working closely with HP to resolve SSL issue. Allegedly. Yet still ignored my domain name expiry issue. So I emailed them again.

2/2/09 Nearly a week since domain expired. TZO replied and made 23 day temporary extension to domain name. Still not working though.

3/2/09 Remote Access now working again, quote; ‘after some digging’. Promised some extra time due to issues.

10/2/09 Sent reminder asking if there was any news regarding the SSL Certificate issue? Ignored by TZO.

18/1/09 Sent yet another reminder asking for update on SSL Certificate issue as I am now down to 8 days before temporary domain name expiry. Ignored yet again by TZO

23/2/09 Still no response from TZO. Temporary domain name expiry now down to 3 days. What next Eric?

Comments are closed, visit the forums to continue the discussion.

{ 3 trackbacks }

Previous post:

Next post: