Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Renew Certificate for local Intranet Website

Posted on 2008-06-11
5
Medium Priority
?
1,175 Views
Last Modified: 2010-04-21
Some time ago I set up a site on our internal network. The site is hosted on a local 2003 web server.

We need to make it secure so I did so installed a certificate and using the GPO to push it out to all clients.

Well now I'm getting an expired message when trying to go to the site and I see it expired 3/11/2008 even though today is 6/11/2008.

It worked until today.

How do I renew it.

I installed the ticket on another server 2003 Standard server.
0
Comment
Question by:omnbit
  • 3
  • 2
5 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 21763330
HI,

The certificate was retrieved from a local CA (Standalone or Enterprise) or granted by a Vendor (Verisign)?
0
 

Author Comment

by:omnbit
ID: 21763377
local CA standalone i think.

Something I set up on our local server.
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 2000 total points
ID: 21763908
Oki, you could request a renewal from the IIS server:

Go to your IIS server and go to the web site you have with ssl.
* Right click properties and go to security, click on certificates.
* Select renew certificate
* Prepare the request now, but send it later
* choose the path and file name
Go to the ie and type the ca link: i.e. http://192.168.0.1/certsrv
* On the Microsoft Certificate Services page, click the Request a certificate link
* On the Request a Certificate page, click the advanced certificate request link
* On the Advanced Certificate Request page, click the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
* You can paste the contents of the certificate request file into the Save Request text box on the Submit a Certificate Request or Renewal Request page. Note that you can not use the Browse for a file to insert link to insert the request because the default security settings on the browser will not allow you to do so.
* Open the certificate request file and press CTRL+A to select the entire contents of the file. Press CTRL+C or right click on the selected region and click the Copy command to copy the contents of the file onto the Windows clipboard.
* Return to the Submit a Certificate Request or Renewal Request Web page. Position the insertion point at the top left of the text box on the page. Press CTRL+V or right click at the insertion point and click the Paste command.
* The contents of the certificate request file are entered into the request text box. Click the down arrow for the Certificate Template drop down list and select the Web Server certificate template. Click Submit.
* Click Yes on the Internet Explorer dialog box that warns you that youre sending unencrypted data over the network.
* On the Certificate Issued page, click the Download Certificate Chain link. Click Save on the File Download dialog box.
* Save the file to a location on the local hard disk
* Click the Close button on the Download Complete dialog box after saving the certificate to the local hard disk.
* Downloading the certificate chain provides you with both the Web site certificate you requested and the CA certificate. You can place the CA certificate into the Trusted Root Certification Authorities certificate store if it is not already in place.

The final step is to bind the certificate to the service. Perform the following steps to bind the Web site certificate to the service you want to secure:
1. Open the Internet Information Services (IIS) Manager console, right click on the service you want to bind the certificate to, and click the Properties command

Go to your IIS server and go to the web site you have with ssl.
* Right click properties and go to security, click on certificates.
* On the Pending Certificate Request page, select the Process the pending request and install the certificate open. Click Next
* On the Process a Pending Request page, use the Browse button to locate and select the Web site certificate you requested. The path and name of the certificate will appear in the Path and file name text box, click next
* Review the information regarding the certificate on the Certificate Summary page, click next.
* Click Finish on the Completing the Web Server Certificate Wizard page.
Click Ok and restart the web service.

Let me know if you get stuck.

0
 

Author Closing Comment

by:omnbit
ID: 31466229
Worked like a charm! Thx
0
 

Author Comment

by:omnbit
ID: 21772182
http://192.168.0.1/certsrv

I had to change to

the CA system IP/certsrv.

but it worked.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question