localmagic
asked on
How to replace self signed certificate with GoDaddy without downtime
I have a customer with SBS 2003, currently using a self-signed SSL certificate. This is typically used for Outlook Web Access or PDA access to email.
They have purchased a GoDaddy standard single site certificate, and want me to to replace the existing self-signed certificate with the trusted one.
The one 'catch' is that I also want to change the external ('CN') name associated with the certificate. The old self signed references xxx.dyndns.org. Nowadays they have a static IP and we want the new cert to reference "remote.mydomain.com" (which points to their static IP now).
I believe I could remove the old self signed certificate, create a new request, and send it off. When I get the certificate back, I could then install it as a new certificate. However, that would require me to have hours (?days) of time with no certificate.
My other option appears to just renew the existing certificate, but then I don't get a chance to change the CN.
Is there a way to get to a proper SSL certificate, with the new CN, without being offline?
They have purchased a GoDaddy standard single site certificate, and want me to to replace the existing self-signed certificate with the trusted one.
The one 'catch' is that I also want to change the external ('CN') name associated with the certificate. The old self signed references xxx.dyndns.org. Nowadays they have a static IP and we want the new cert to reference "remote.mydomain.com" (which points to their static IP now).
I believe I could remove the old self signed certificate, create a new request, and send it off. When I get the certificate back, I could then install it as a new certificate. However, that would require me to have hours (?days) of time with no certificate.
My other option appears to just renew the existing certificate, but then I don't get a chance to change the CN.
Is there a way to get to a proper SSL certificate, with the new CN, without being offline?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Worked Great. Thanks again.
p.s. Here's a detailed link for for others following this path:
http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
p.s. Here's a detailed link for for others following this path:
http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
ASKER
This looks like the solution we need. I'm setting up a test environment to try this out and will keep you posted.
For the record, the only other solution we could hypothesize with was to use OpenSSL to generate key/request pairs, obtain the cert, use OpenSSL again to build a PFX, and then install that to the certificate store. I think your way sounds a lot simpler(!) and more mainstream.