• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194
  • Last Modified:

How do I add a certificate to IIS 6.0 after deleteing the request

Here is my issue,
We have a hosted server running IIS 6.0. Win2003. Our customer wants us to use a cert from their CA. It will take them three days to process the request. They need to use the server immediately and want me to install a temporary cert for the three days.

However after I generate the request for a new certificate, the IIS server stays in a state where it is waiting for the request to be processed. The only options available are to delete the pending request or complete the pending request.
I need to be able to add a temporary cert for a number of days while the customer are processing their cert. I then need to to remove the temporary cert and add the customers cert.
It doesn't seem like this is possible. Is there a tool other than the IIS security tool that would enable me to do this?
If I delete the pending request I will be unable to install the cert when the customer sends it to me.
0
saunders4tom
Asked:
saunders4tom
  • 2
1 Solution
 
Joseph_MooreCommented:
In IIS 4 and IIS 5, to do what you are suggesting means that you would need to delete the pending request, issue a new request, process that new request in your local certserv, apply the homemade cert on the IIS box, THEN issue a new pending cert request to be processed by the real CA.
For IIS 6, I do not know if it works the same, but I am gonna "assume" so (with all the perils that entails!).
You would need to delete the pending cert request that the CA is currently processing. Then make a new pending....

wait a second, now that I think about it.

There is nothing in the current pending cert request that would prevent it from being used by your local cert server and issue a cert based off of it.
But then, when the CA finally issued their cert, your choices then would be to either Remove the current homemade cert or request a New pending cert request. Either method would not let you use the CA issued cert.
So, no, I still don't think you can do what your customer suggested. It would invalidate the cert the CA is making.

Now, I do know you can pay more money and get cert request expedited. I did this with Verisign once, and got a cert in 24 hours (a little less, actually, from faxing the PO over to them until I had the cert in my  e-mail). So, did you look that option up?
0
 
Sebo2000Commented:
Recreate the reuest one more time and it shoud work with no problems.
0
 
Sebo2000Commented:
Glad I could help, it worked for me a few times.
Take Care
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now