How to replace self signed certificate with GoDaddy without downtime

Posted on 2008-11-10
Last Modified: 2012-05-05
I have a customer with SBS 2003, currently using a self-signed SSL certificate.  This is typically used for Outlook Web Access or PDA access to email.

They have purchased a GoDaddy standard single site certificate, and want me to to replace the existing self-signed certificate with the trusted one.

The one 'catch' is that I also want to change the external ('CN') name associated with the certificate.  The old self signed references  Nowadays they have a static IP and we want the new cert to reference  "" (which points to their static IP now).

I believe I could remove the old self signed certificate, create a new request, and send it off.  When I get the certificate back, I could then install it as a new certificate.  However, that would require me to have hours (?days) of time with no certificate.

My other option appears to just renew the existing certificate, but then I don't get a chance to change the CN.

Is there a way to get to a proper SSL certificate, with the new CN, without being offline?
Question by:localmagic
    LVL 6

    Accepted Solution

    Yes, the trick to this is to create a second "dummy" site in IIS, and use it to generate the certificate request.  Once you receive the new cert, you can use the certificate manager in IIS to apply a different certificate to the primary web site--actually on second thought, you can then run the "Connect to the Internet" wizard to apply the new certificate.  The key is to generate an accurate request using a dummy site.
    It soulds like you know enough to run with this, but if you need more detail on how to pull this off, just let me know.

    Author Comment

    Thanks Jerry,

    This looks like the solution we need.  I'm setting up a test environment to try this out and will keep you posted.

    For the record, the only other solution we could hypothesize with was to use OpenSSL to generate key/request pairs, obtain the cert, use OpenSSL again to build a PFX, and then install that to the certificate store.  I think your way sounds a lot simpler(!) and more mainstream.

    Author Comment

    Worked Great.  Thanks again.

    p.s.  Here's a detailed link for for others following this path:

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Suggested Solutions

    This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer:…
    You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now