robertsgroup33
asked on
Expired Exchange 2003 Self Signed Certificate
Hello,
I have an expired self signed certificate in IIS that I use for RPC over HTTP and OWA. I need to renew the cert without having to reinstall the cert on all the laptops using RPC. I tried going through the wizard in IIS but when I click renew the only option I have is "Prepare the request now, but send later" the "Send request immediately" is greyed out. Am I going about this the correct way?
I have an expired self signed certificate in IIS that I use for RPC over HTTP and OWA. I need to renew the cert without having to reinstall the cert on all the laptops using RPC. I tried going through the wizard in IIS but when I click renew the only option I have is "Prepare the request now, but send later" the "Send request immediately" is greyed out. Am I going about this the correct way?
ASKER
We use self signed certs. I know we should be using certs from third party companies, but using the self signed ones worked for us far and I'd rather stick with the self signed ones.
Found this here: http://www.mail-archive.com/openssl-users@openssl.org/msg52299.html
1: Assuming that you've got a sane key length (RSA 1024 or greater),
just create a new, self signed certificate with a new validity period
and the exact same name as your old one. That way, you'll be able to
just keep issuing CRL's with the same keys, and nothing will break.
You'll have to distribute out the new certificate to your relying
parties, but you'll have to do that no matter what you do.
Might be a good time to implement a legit Cert if the above doesn't work? We just bought one from GoDaddy and it was under $20
1: Assuming that you've got a sane key length (RSA 1024 or greater),
just create a new, self signed certificate with a new validity period
and the exact same name as your old one. That way, you'll be able to
just keep issuing CRL's with the same keys, and nothing will break.
You'll have to distribute out the new certificate to your relying
parties, but you'll have to do that no matter what you do.
Might be a good time to implement a legit Cert if the above doesn't work? We just bought one from GoDaddy and it was under $20
ASKER
Unfortunately using anything but a self signed cert right now is not an option. I tried making a new cert but the "Send Request Immediately" is greyed out.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
give this a shot...