can't install (UCC) SSL cert on multiple servers. IIS, SSL

Posted on 2008-11-18
Last Modified: 2012-05-05
Ok so we purchased some SSL [Multiple Domain (UCC)] from GoDaddy

I was successfully able to install the cert on 1 server, then I was not on any others.

When I called in for support the guy said we have to export it from the original server and import it into the other servers we want.

Can someone walk me through this process?

Using IIS
Question by:funnymanmike
    LVL 31

    Expert Comment

    Basically, when you create the Certificate Signing Request (CSR) file, you generate the public & private key pair at that time.  You need to install the certificate on that same box so it can match itself up with that key pair.  You will need to export the certificate and include both the public and private keys in order for things to work on other servers that are listed in your UCC cert.

    From the original server:
    Open IIS - go into properties of the site that has it installed, e.g. Default First Site
    Directory Security tab - click Server Certificate button
    Follow the wizard - you can choose to either export it to a .pfx file or to copy (not move) to another server.

    If you do the pfx, move it to a USB drive (i.e. take it off the hard drive instead of just copying it) and install from that onto your other web servers from the same area and point it to the pfx file.  Now you have it installed and backed up on the USB drive - keep the USB drive in a static bag and locked up - that cert represents the validity of your websites, don't stick it on your USB drive on your keychain!
    LVL 5

    Author Comment

    I followed your instructions

    I downloaded the cert from GoDaddy
    ran certificates to install the p7b file
    ran IIS to set up the SSL
    confirmed that site was working with no issues
    exported the pfx file to a network drive
    went to server 2, install the pfx import
    website2 still generating certificate issues
    installed the p7b file on website 2
    website2 still generating certificate issues

    I am making no progress here
    LVL 31

    Expert Comment

    Just to confirm the following:
    1) You are typing in a name that matches on the UCC certificate - view the certificate and check Details tab to verify that the cert contains what you think it should in Subject Name and Subject Alternate Name fields.  I.e. you aren't using localhost or something like that to hit it from the internal vs. external name.

    2) The certificate warning message - what is the error message?  I am working under the assumption that it is the name mismatch, not the trust or validity messages.  If it is the trust message, check the name of the Issuer on the details tab and make sure that matches exactly to the name of the bottom CA in the chain that you installed as p7b.  GoDaddy has multiple CAs that they issue through.  Maybe you just happened to already have the right one on serverA from MS root update that might not have been applied to serverB or something.

    3) When you try importing the p7b, choose to manually place it and browse... - enable checkbox for Show Physical Stores, then point to Trusted Root Certificates.  Try this on the server.  I don't think you need to for client as you say it works ok for the other...
    LVL 5

    Author Comment

    1) I don't know what you mean? Are you talking about online where the certificate resides? Or the password that was required to copy it from one server to another?

    2) see code snippet

    There is a problem with this website's security certificate. 
     The security certificate presented by this website was issued for a different website's address.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
      We recommend that you close this webpage and do not continue to this website.  
      Click here to close this webpage.  
      Continue to this website (not recommended).  
         More information 
    If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting. 
    When going to a website with an address such as, try adding the 'www' to the address, 
    If you choose to ignore this error and continue, do not enter private information into the website. 
    For more information, see "Certificate Errors" in Internet Explorer Help.


    LVL 31

    Expert Comment

    The name that you type into the address bar matches exactly what is in the UCC cert.  If you have the cert for you need to type that in, not just ServerB or localhost as these would not match up correctly.

    Looks like it is what I figured for the warning - name mismatch.  We should focus on the cert itself and how it is being referred - the root chain (p7b) should be fine since it wasn't mentioned in the warning.
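
The name check discussed in this thread, as an added example that is not part of the original posts: it compares the name typed into the address bar with a certificate's Subject Alternative Name entries, using RFC 6125-style matching (wildcard only as the whole left-most label). The function names and the SAN list are constructed for illustration; `fetch_san` is an optional helper for reading the entries from a live server.

```python
import socket
import ssl


def name_matches(hostname, pattern):
    """Compare one typed hostname against one SAN dNSName entry."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # "*.example.test" never covers "example.test"
    if pat[0] == "*":         # wildcard only as the whole left-most label
        return len(pat) > 2 and bool(host[0]) and host[1:] == pat[1:]
    return host == pat


def covering_entries(hostname, san_names):
    """Return the SAN entries that cover hostname (empty list = mismatch)."""
    return [p for p in san_names if name_matches(hostname, p)]


def fetch_san(host, port=443, timeout=5):
    """Read dNSName entries from a live server.

    The chain is still validated; only the hostname check is turned off, so a
    name mismatch can be inspected separately from a trust failure.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN list for a five-name UCC certificate (not from the thread).
SAN = ["www.example.test", "example.test", "mail.example.test",
       "shop.example.test", "*.apps.example.test"]


def report(typed_names, san_names=SAN):
    """Map each typed name to the SAN entries that cover it."""
    return {name: covering_entries(name, san_names) for name in typed_names}


if __name__ == "__main__":
    for name, hits in report(["www.example.test", "serverb", "localhost",
                              "intranet.example.test"]).items():
        print(f"{name:26} {'OK ' + hits[0] if hits else 'NAME MISMATCH'}")
```
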
    LVL 5

    Author Comment

    I went back to the GoDaddy site to add the name, I am just waiting on the approval of that.
    LVL 5

    Accepted Solution

    I was unable to achieve this. So I refunded the 5 domain certificate and just bought 3 single site certificates

    all installed with no issues.
