How to replace self signed certificate with GoDaddy without downtime

I have a customer with SBS 2003, currently using a self-signed SSL certificate.  This is typically used for Outlook Web Access or PDA access to email.

They have purchased a GoDaddy standard single site certificate, and want me to to replace the existing self-signed certificate with the trusted one.

The one 'catch' is that I also want to change the external ('CN') name associated with the certificate.  The old self signed references xxx.dyndns.org.  Nowadays they have a static IP and we want the new cert to reference  "remote.mydomain.com" (which points to their static IP now).

I believe I could remove the old self signed certificate, create a new request, and send it off.  When I get the certificate back, I could then install it as a new certificate.  However, that would require me to have hours (?days) of time with no certificate.

My other option appears to just renew the existing certificate, but then I don't get a chance to change the CN.

Is there a way to get to a proper SSL certificate, with the new CN, without being offline?
localmagicAsked:
Who is Participating?
 
Jerry SolomonConnect With a Mentor Network  AdministratorCommented:
Yes, the trick to this is to create a second "dummy" site in IIS, and use it to generate the certificate request.  Once you receive the new cert, you can use the certificate manager in IIS to apply a different certificate to the primary web site--actually on second thought, you can then run the "Connect to the Internet" wizard to apply the new certificate.  The key is to generate an accurate request using a dummy site.
It soulds like you know enough to run with this, but if you need more detail on how to pull this off, just let me know.
0
 
localmagicAuthor Commented:
Thanks Jerry,

This looks like the solution we need.  I'm setting up a test environment to try this out and will keep you posted.

For the record, the only other solution we could hypothesize with was to use OpenSSL to generate key/request pairs, obtain the cert, use OpenSSL again to build a PFX, and then install that to the certificate store.  I think your way sounds a lot simpler(!) and more mainstream.
0
 
localmagicAuthor Commented:
Worked Great.  Thanks again.

p.s.  Here's a detailed link for for others following this path:

http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
0
All Courses

From novice to tech pro — start learning today.