xsound

asked on

Renewing SSL certificates

I would like to apologize in advance, I am new at this. We have Verisign SSL certificates and are changing to RSA. Because we are changing providers I did not think doing a normal renew in IIS was the correct method. I obviously don't know for sure.
Ok, the problem is on a production site that already has a cert. I don't want to disturb a production site to start the cert request process. But, when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway what I did last time to prevent disruption is exported the certs (mmc certificates) to a file but I don't remember details of file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text whatever it is. Then I cancelled out the install pending request so I could import in the live production cert again so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in IIS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share your experiences on how to do this the correct way?
Thanks in advance.
Blaz

Did you export your certificate private key to the file before deleting the certificate? You should have selected some extra options when exporting to do that. If you didn't, the private key is probably lost and it will not work until you get the new certificate.

The renewal and installation of new certificates can be done in IIS manager -> Web site properties -> Directory security -> Server certificate. You should be able to click that even when you have a certificate installed.
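
The backup step discussed above, as an added example that is not part of the original thread: it exports the live certificate together with its private key and verifies the backup before anything is deleted in IIS. It assumes a Windows Server with the built-in PKI PowerShell module and an elevated session; the thumbprint and backup path are placeholders.

```powershell
# Added example, not from the thread. Assumes the PKI module (Windows Server
# 2012 or later), an elevated session, and that C:\CertBackup already exists.
# The thumbprint and path are placeholders.
$thumbprint = '<THUMBPRINT-OF-LIVE-CERT>'
$backupPath = 'C:\CertBackup\live-site.pfx'

# Find the certificate the site is currently bound to.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $thumbprint in LocalMachine\My."
}

# A certificate whose private key is missing cannot serve HTTPS, and a backup
# taken from it could not restore the site either.
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$($cert.Subject)' has no private key in this store."
}

# Prompt for the password so it is not stored in the script or shell history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Export-PfxCertificate writes the certificate together with its private key.
# It fails if the key was marked non-exportable when it was created.
Export-PfxCertificate -Cert $cert -FilePath $backupPath -Password $password |
    Out-Null

# Re-open the backup and confirm the key is really inside before touching IIS.
$check = New-Object `
    -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $backupPath, $password

if ($check.HasPrivateKey -and $check.Thumbprint -eq $cert.Thumbprint) {
    "Backup verified: $backupPath holds the certificate and its private key."
} else {
    throw "Backup at $backupPath lacks the private key. Keep the live certificate."
}
```

The resulting .pfx file contains the site's private key, so keep it off the web root and restrict who can read it.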
ASKER CERTIFIED SOLUTION
Dave_Dietz