xsound
asked on
Renewing SSL certificates
I would like to apologize in advance, I am new at this. We have Verisign SSL certificates and are changing to RSA. Because we are changing providers I did not think doing a normal renew in IIS was the correct method. I obviously dont know for sure.
Ok, the problem is on a production site that already has a cert. I dont want to disturb a production site to start the cert request process. But, when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway what I did last time to prevent disruption is exported the certs (mmc certificates) to a file but I dont remember details of file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text whatever it is. Then I cancelled out the install pending request so I could import in the live production cert again so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in ISS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share you experiences on how to do this the correct way.
Thanks in advance.
Ok, the problem is on a production site that already has a cert. I dont want to disturb a production site to start the cert request process. But, when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway what I did last time to prevent disruption is exported the certs (mmc certificates) to a file but I dont remember details of file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text whatever it is. Then I cancelled out the install pending request so I could import in the live production cert again so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in ISS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share you experiences on how to do this the correct way.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The renewal and installation of new certificates can be done in IIS manager -> Web site properties -> Directory security -> Server certificate. You should be able to click that even when you have a certificate installed.