Solved

Need to replace self issued certificate with 3rd party certificate - questions

Posted on 2006-11-09
12
377 Views
Last Modified: 2010-04-18
Hello,

When we were poor and cheap we created a self issued security certificate for SSL access to our OWA site.  It is now time to replace that certificate with a 3rd party certificate.  However, I no longer see the options to create the CSR to request the certificate.  Do I need to delete our existing certificates in order to create a CSR for a new one?  What am I missing here?

Thank you,
0
Comment
Question by:caw01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 17907763
Hi Iamagrump,

To use the Wizard, open IIS Manager, expand all local computer folders, and then expand the Web Sites folder. Right-click the Web site for which you want to obtain a certificate, and then click Properties. On the Directory Security tab, under Secure communications, click Server Certificate. On the first page of the Wizard, click Create a new certificate. Follow the steps in the Wizard to create the certificate.


Hope that helps you Iamagrump
regards,

Trenes
0
 
LVL 9

Expert Comment

by:trenes
ID: 17907770
You mean is it gone from there?

regards,

Trenes
0
 
LVL 17

Accepted Solution

by:
John Gates, CISSP earned 500 total points
ID: 17907804
You will have to delete and create a new certificate request because the CSR will need to have vaild information that your self signed certificate did not require.  You should coodinate this so that your system is not without SSL for too long.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:caw01
ID: 17912271
Can I install a CA on another server so that I do not have to remove my certificate until I have the new one?  Then once I have the new one, I can just install it on my server and I'm good, right?  ehh?
0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 17913920
You can create another dummy website on the same server generate the request with the proper site name then install the cert on the real site.  I would not use an entirely different server.
0
 

Author Comment

by:caw01
ID: 17922361
How can I change the Organization name on my server?  The have Inc. on the end of our whois instead of Corporation, so I need to change it because the request does not match the whois record.

0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 17922375
Can you clarify that with some actual output so I can help you?
0
 

Author Comment

by:caw01
ID: 17922397
Yes.  I am clicking to "renew" my certificate in the IIS Server Certificate screen.  When it creates the certreq.txt file, it is creating it with an organization name of Acme Services Corporation.  The 3rd party verify will not issue the certificate, because the whois record for our domain is Acme Services, Inc.

So the 3rd party verifier will not issuer the cert because the whois and requestor name don't match.

0
 

Author Comment

by:caw01
ID: 17922409
Do I need to delete the existing cert altogther?  I can't remember when it asked for the company name. I was hoping to just have my existing cert renewed with the 3rd party.
0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 17922439
You are getting a new cert from a 3rd party vendor.  You can't click renew because your current cert is self signed.  You are better off removing the current self signed certificate on the site and generate a brand new certificate request with the right info then install the 3rd party certificate when you get it and you are done.

0
 

Author Comment

by:caw01
ID: 17935047
Mental note:  Verify your WHOIS record before submitting a new CSR.  I had to wait until today to get our ssl back up and running because our WHOIS record had a previous address and the incorrect Company name.
0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 17937626
Glad it is all working for you now :-)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question