How to replace self signed certificate with GoDaddy without downtime

I have a customer with SBS 2003, currently using a self-signed SSL certificate.  This is typically used for Outlook Web Access or PDA access to email.

They have purchased a GoDaddy standard single site certificate, and want me to to replace the existing self-signed certificate with the trusted one.

The one 'catch' is that I also want to change the external ('CN') name associated with the certificate.  The old self signed references xxx.dyndns.org.  Nowadays they have a static IP and we want the new cert to reference  "remote.mydomain.com" (which points to their static IP now).

I believe I could remove the old self signed certificate, create a new request, and send it off.  When I get the certificate back, I could then install it as a new certificate.  However, that would require me to have hours (?days) of time with no certificate.

My other option appears to just renew the existing certificate, but then I don't get a chance to change the CN.

Is there a way to get to a proper SSL certificate, with the new CN, without being offline?
localmagicAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jerry SolomonNetwork  AdministratorCommented:
Yes, the trick to this is to create a second "dummy" site in IIS, and use it to generate the certificate request.  Once you receive the new cert, you can use the certificate manager in IIS to apply a different certificate to the primary web site--actually on second thought, you can then run the "Connect to the Internet" wizard to apply the new certificate.  The key is to generate an accurate request using a dummy site.
It soulds like you know enough to run with this, but if you need more detail on how to pull this off, just let me know.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
localmagicAuthor Commented:
Thanks Jerry,

This looks like the solution we need.  I'm setting up a test environment to try this out and will keep you posted.

For the record, the only other solution we could hypothesize with was to use OpenSSL to generate key/request pairs, obtain the cert, use OpenSSL again to build a PFX, and then install that to the certificate store.  I think your way sounds a lot simpler(!) and more mainstream.
0
localmagicAuthor Commented:
Worked Great.  Thanks again.

p.s.  Here's a detailed link for for others following this path:

http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.