SBS 2011 Essentials – Manually Installing SSL Certificate

sbse-conI have been spending some time answering questions in the SBS Essentials forum over at TechNet recently, and i noticed that there is still a lot of outstanding questions and issues with the Remote Access wizard for SBS Essentials, especially surrounding installing an SSL Certificate.

One of the big headaches comes when you have a domain with one of the ‘supported’ registrars, Enom or GoDaddy.

The wizard is designed to push you over to purchase your SSL Certificate from them, if it detects your Domain as being with them, and sadly you don’t get the option to chose a manual installation.

This is a real pain when their service is down or not working, as i have experienced myself a few times. Trying to get supported by Enom was a little painful, and they even pointed me back to one of my own blog posts as a possible solution for how to ‘properly configure’ RWA.


I can see why it is difficult, there is probably only a small team inside each of those companies that is aware of SBSe and the Wizards integration to their SSL platform, and when your domain and SSL have actually been purchased correctly, they rightly suggest the issue is with SBS and point you to MS for support.

Anyway, because of this, and some other challenges people have faced, the Official SBS Blog posted up a really handy guide on how to get the wizard to allow you to install your own certificate.

You can read that here.

Being the huge PowerShell fan i am, and having little else to do with myself that day, i decided to see if i could write a little script that would automate this process as much as could be done. So i did.

You can download the script from here.

You will need to have a PFX file of your certificate available, and know the password to the file as well.

Edit the PS1 file to include your certificate file path, and password.



To run the Script you will need to load the SBS Essentials PowerShell ‘As Admin’ from,

C:\Program Files\Windows Server\Bin (WSSPowerShell.exe)


Navigate to the folder your script is saved in.

To execute the script enter .\”Manual SSL Installation Script.ps1”


You will see a few lines report what the script is doing – then the SBS Essentials Dashboard will launch.

You now need to run the wizard and configure your domain name.

If your domain is with Enom or GoDaddy and you hit this page, don’t worry about actually going to the site it suggests, as it is not required. Just click to the link to go to the page, then close the window. In the wizard, then ‘next’ button is now active and you can continue on.


The rest of the wizard executes as normal, the difference is the SSL process is removed.


Tthe wizard will issue a Self Signed certificate, bypassing any issues with our SSL provider,


Close the dashboard, and press any key in the PowerShell window to continue.

The script will now go ahead and import your SSL PFX file, in to IIS.

You will need to manually type, both the path and the password as a verification.

9.SSL Installed

Once you enter the path and password the process is complete.

You can press any key to complete the script and then close PowerShell.


Your trusted SSL is now installed and the RWA site will function correctly.

Hope this was useful!

If you liked the script please rate it on the TechNet Gallery

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

4 Responses to SBS 2011 Essentials – Manually Installing SSL Certificate

  1. rapidssl says:

    Excellent! we have just resolved our SSL installation issue with your step by step guidance for SSL installation. Thank you so much and we are sharing this on our social. Looking for some more post on code signing ssl.

  2. Daniel says:


    Thanks for sharing, I Hope this is going to help. However how do I get the PFX file and password? Do I have to convert my 2 certificate files?
    Help would be appreciated.



    • Which 2 files do you have?

      If you have a working ssl cert on a server if you export it with the private key, that will be a PFX file.

      A cert is usually split into two files on windows, only during the request process. A CSR file (request) is generated and then sent to the certificate authority. The cert is issued, then they send either a CRT file, or simply some text in an email, that you can copy and paste into any file, usually a txt file.

      You then tell IIS where that response file is, and then the certificate is created.

      On an Apache server the cert generally stays in 2 separate files, but not sure that is relevant here.

  3. Daniel says:

    Hi, I exported the installed certificate to .pfx via IIS7 and followed your tutorial. It’s working and it’s up and running! Thank you, I appreciate it!

Leave a reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: