Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 382
  • Last Modified:

Need to replace self issued certificate with 3rd party certificate - questions

Hello,

When we were poor and cheap we created a self issued security certificate for SSL access to our OWA site.  It is now time to replace that certificate with a 3rd party certificate.  However, I no longer see the options to create the CSR to request the certificate.  Do I need to delete our existing certificates in order to create a CSR for a new one?  What am I missing here?

Thank you,
0
caw01
Asked:
caw01
  • 5
  • 5
  • 2
1 Solution
 
trenesCommented:
Hi Iamagrump,

To use the Wizard, open IIS Manager, expand all local computer folders, and then expand the Web Sites folder. Right-click the Web site for which you want to obtain a certificate, and then click Properties. On the Directory Security tab, under Secure communications, click Server Certificate. On the first page of the Wizard, click Create a new certificate. Follow the steps in the Wizard to create the certificate.


Hope that helps you Iamagrump
regards,

Trenes
0
 
trenesCommented:
You mean is it gone from there?

regards,

Trenes
0
 
John Gates, CISSPSecurity ProfessionalCommented:
You will have to delete and create a new certificate request because the CSR will need to have vaild information that your self signed certificate did not require.  You should coodinate this so that your system is not without SSL for too long.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
caw01Author Commented:
Can I install a CA on another server so that I do not have to remove my certificate until I have the new one?  Then once I have the new one, I can just install it on my server and I'm good, right?  ehh?
0
 
John Gates, CISSPSecurity ProfessionalCommented:
You can create another dummy website on the same server generate the request with the proper site name then install the cert on the real site.  I would not use an entirely different server.
0
 
caw01Author Commented:
How can I change the Organization name on my server?  The have Inc. on the end of our whois instead of Corporation, so I need to change it because the request does not match the whois record.

0
 
John Gates, CISSPSecurity ProfessionalCommented:
Can you clarify that with some actual output so I can help you?
0
 
caw01Author Commented:
Yes.  I am clicking to "renew" my certificate in the IIS Server Certificate screen.  When it creates the certreq.txt file, it is creating it with an organization name of Acme Services Corporation.  The 3rd party verify will not issue the certificate, because the whois record for our domain is Acme Services, Inc.

So the 3rd party verifier will not issuer the cert because the whois and requestor name don't match.

0
 
caw01Author Commented:
Do I need to delete the existing cert altogther?  I can't remember when it asked for the company name. I was hoping to just have my existing cert renewed with the 3rd party.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
You are getting a new cert from a 3rd party vendor.  You can't click renew because your current cert is self signed.  You are better off removing the current self signed certificate on the site and generate a brand new certificate request with the right info then install the 3rd party certificate when you get it and you are done.

0
 
caw01Author Commented:
Mental note:  Verify your WHOIS record before submitting a new CSR.  I had to wait until today to get our ssl back up and running because our WHOIS record had a previous address and the incorrect Company name.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Glad it is all working for you now :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now