[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1091
  • Last Modified:

Multiple certificates on a server using selfssl.exe

I have a Windows 2003 Small Business Server running IIS 6.0.  On the server, I have Outlook for Web Access which uses the domain name https://mail.independencecare.com/exchange.  I also have Trend Micro Office scan that uses https://icfs1.independencecare.local/officescan.  I create certificates using selfssl.exe rather than buying them because both applications are internal.

Currently, I have the certificate for mail.independencecare.com installed and mail works just fine, but the Officescan program does not - it actually gives me a DNS error.  If I install a certificate with a different site number for icfs1.independencecare.local neither mail or Officescan will work.

Is it possible to have a certificate for 2 different sites installed on one server?  If so, how do I go about doing this?

Thank you for your help.

Sarah
0
spendergrass
Asked:
spendergrass
  • 7
  • 7
1 Solution
 
smilerzCommented:
They need to be installed on separate virtual web sites, you will need to check with the application documentation to see if this is even possible.

Is there a specific reason that you are using different names for each application?  Why not just use mail.whatever to access both sites?
0
 
spendergrassAuthor Commented:
I'm not sure I understand the question.  I believe I am using different names for each application because they are completely separate applications.  When the server was originally set up, that is how it was done.  Since then, I've had to change some certificate stuff and now the Officescan application is no longer working.

I am going to try installing the icfs1.independencecare.local certificate in the trusted directory instead of personal.

Sarah
0
 
smilerzCommented:
What happens when you browse to mail.independencecare.local/OfficeScan?
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
spendergrassAuthor Commented:
I get a 404 Page Cannot be Found error.

I just added the new certificate to the Trusted Certificates on the server and now I can access the site from the local server; however, I can still not access it from other computers.
0
 
smilerzCommented:
What happens when you add the cert to a client machine and connect to the site?
0
 
spendergrassAuthor Commented:
I still get the Cannot Find Server or DNS error after I've added the certificate to my machine.

I think I may have gotten around the issue somehow.  For some reason, after installing a certificate for icfs1.independencecare.local as Site 2, it now lets me access the site without SSL.  For most applications this wouldn't be acceptable; however, the only reason I need to get to this internal site is to install virus scan software and then I won't need it anymore.

I would still be interested in finding out what I've done wrong, but at least it isn't as urgent anymore.

Thanks,
Sarah
0
 
smilerzCommented:
When you look at the Site Properties check the Directory Security tab and Edit the Secure Comminications section.  Make sure that a certificate is installed there.
0
 
spendergrassAuthor Commented:
When I clicked on View Certificate nothing was displayed.  When I clicked on Server Certificate the wizard was displayed and my 3 choices were Renew, Remove or Replace.  Which option should I select?

Thank you for your patience - I really don't understand how certificates work.
0
 
smilerzCommented:
Self sign another certificate with the name of this service (icfs1.independencecare.local) and Replace the certificate.
0
 
spendergrassAuthor Commented:
It worked!!!  I didn't realize that I would need to replace the certificate within IIS, too.  Just so I'm clear on this - I need to create a new certificate and install it in my personal directory.  Then, I need to go into Directory Security within IIS and replace the certificate that I had deleted out of the personal directory earlier and basically assign the new certificate that I created to the directory within IIS.

Thank you so much for your help!
0
 
smilerzCommented:
You do not need to do the personal directory thing at all.  Just doing the work on IIS should be sufficient.
0
 
spendergrassAuthor Commented:
I think the certificate that was previously assigned to that directory had been deleted - it no longer existed in the Personal Directory or the Trusted Directory.  If that was the case, I needed to recreate using SELFSSL.exe, which places it in the Personal Directory and then assign the new certificate within IIS, right?
0
 
smilerzCommented:
OK, that makes sense.
0
 
spendergrassAuthor Commented:
Thanks again for your help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 7
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now