spendergrass
asked on
Multiple certificates on a server using selfssl.exe
I have a Windows 2003 Small Business Server running IIS 6.0. On the server, I have Outlook for Web Access which uses the domain name https://mail.independencecare.com/exchange. I also have Trend Micro Office scan that uses https://icfs1.independencecare.local/officescan. I create certificates using selfssl.exe rather than buying them because both applications are internal.
Currently, I have the certificate for mail.independencecare.com installed and mail works just fine, but the Officescan program does not - it actually gives me a DNS error. If I install a certificate with a different site number for icfs1.independencecare.loc al neither mail or Officescan will work.
Is it possible to have a certificate for 2 different sites installed on one server? If so, how do I go about doing this?
Thank you for your help.
Sarah
Currently, I have the certificate for mail.independencecare.com installed and mail works just fine, but the Officescan program does not - it actually gives me a DNS error. If I install a certificate with a different site number for icfs1.independencecare.loc
Is it possible to have a certificate for 2 different sites installed on one server? If so, how do I go about doing this?
Thank you for your help.
Sarah
ASKER
I'm not sure I understand the question. I believe I am using different names for each application because they are completely separate applications. When the server was originally set up, that is how it was done. Since then, I've had to change some certificate stuff and now the Officescan application is no longer working.
I am going to try installing the icfs1.independencecare.loc al certificate in the trusted directory instead of personal.
Sarah
I am going to try installing the icfs1.independencecare.loc
Sarah
What happens when you browse to mail.independencecare.loca l/OfficeSc an?
ASKER
I get a 404 Page Cannot be Found error.
I just added the new certificate to the Trusted Certificates on the server and now I can access the site from the local server; however, I can still not access it from other computers.
I just added the new certificate to the Trusted Certificates on the server and now I can access the site from the local server; however, I can still not access it from other computers.
What happens when you add the cert to a client machine and connect to the site?
ASKER
I still get the Cannot Find Server or DNS error after I've added the certificate to my machine.
I think I may have gotten around the issue somehow. For some reason, after installing a certificate for icfs1.independencecare.loc al as Site 2, it now lets me access the site without SSL. For most applications this wouldn't be acceptable; however, the only reason I need to get to this internal site is to install virus scan software and then I won't need it anymore.
I would still be interested in finding out what I've done wrong, but at least it isn't as urgent anymore.
Thanks,
Sarah
I think I may have gotten around the issue somehow. For some reason, after installing a certificate for icfs1.independencecare.loc
I would still be interested in finding out what I've done wrong, but at least it isn't as urgent anymore.
Thanks,
Sarah
When you look at the Site Properties check the Directory Security tab and Edit the Secure Comminications section. Make sure that a certificate is installed there.
ASKER
When I clicked on View Certificate nothing was displayed. When I clicked on Server Certificate the wizard was displayed and my 3 choices were Renew, Remove or Replace. Which option should I select?
Thank you for your patience - I really don't understand how certificates work.
Thank you for your patience - I really don't understand how certificates work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It worked!!! I didn't realize that I would need to replace the certificate within IIS, too. Just so I'm clear on this - I need to create a new certificate and install it in my personal directory. Then, I need to go into Directory Security within IIS and replace the certificate that I had deleted out of the personal directory earlier and basically assign the new certificate that I created to the directory within IIS.
Thank you so much for your help!
Thank you so much for your help!
You do not need to do the personal directory thing at all. Just doing the work on IIS should be sufficient.
ASKER
I think the certificate that was previously assigned to that directory had been deleted - it no longer existed in the Personal Directory or the Trusted Directory. If that was the case, I needed to recreate using SELFSSL.exe, which places it in the Personal Directory and then assign the new certificate within IIS, right?
OK, that makes sense.
ASKER
Thanks again for your help.
Is there a specific reason that you are using different names for each application? Why not just use mail.whatever to access both sites?