The Add a Trusted Certificate wizard goes a long way towards creating a proper CSR (Certificate Signing Request) to send to an SSL certificate vendor to get a valid third-party SSL cert for your SBS 2008 server. However, there are a couple of gotchas you need to watch out for.
First, you must put in the proper DNS name for the server when requesting the cert. This may seem obvious, and the Add a Trusted Certificate wizard does pre-populate the field with the domain name you specified in the Set Up Your Internet Address wizard. But if the DNS name does not match exactly what users type into their browsers to get to the SBS 2008 server, you may as well have stuck with the self-generated cert.
Second, in the US, when you enter the State into the form, SPELL IT OUT. Do not use the two-letter state abbreviation. Legit SSL cert providers will choke on an abbreviated state name and not allow you to complete the certificate request. [Note: the last time I had this issue, GoDaddy did not correctly verify this information in a CSR I had created and allowed me to continue to the next phase of the cert request, Thawte did check the field value and rejected the abbreviated state name.]
Fortunately, Thawte provides an online tool to validate the CSR before you submit it for a cert. Once you generate the CSR from the Add a Trusted Certificate wizard, plug the CSR into the Thawte form to ensure that the CSR has been properly formatted. If there are any problems, the tool will let you know and you can go back and correct it.
Fortunately, the Add a Trusted Certificate wizard is an easier way to generate the CSR than what we had in SBS 2003, but it’s still a good idea to validate the CSR before submission to your SSL vendor.