Renewing SSL certificates
Posted on 2007-10-20
I would like to apologize in advance, I am new at this. We have Verisign SSL certificates and are changing to RSA. Because we are changing providers I did not think doing a normal renew in IIS was the correct method. I obviously dont know for sure.
Ok, the problem is on a production site that already has a cert. I dont want to disturb a production site to start the cert request process. But, when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway what I did last time to prevent disruption is exported the certs (mmc certificates) to a file but I dont remember details of file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text whatever it is. Then I cancelled out the install pending request so I could import in the live production cert again so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in ISS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share you experiences on how to do this the correct way.
Thanks in advance.