Solved

Can't install (UCC) SSL cert on multiple servers. IIS, SSL

Posted on 2008-11-18
Last Modified: 2012-05-05
OK, so we purchased some SSL [Multiple Domain (UCC)] from GoDaddy.

I was successfully able to install the cert on 1 server, then I was not on any others.

When I called in for support, the guy said we have to export it from the original server and import it into the other servers we want.

Can someone walk me through this process?

Thanks.
Using IIS
Question by:funnymanmike
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22988954
Basically, when you create the Certificate Signing Request (CSR) file, you generate the public & private key pair at that time.  You need to install the certificate on that same box so it can match itself up with that key pair.  You will need to export the certificate and include both the public and private keys in order for things to work on other servers that are listed in your UCC cert.

From the original server:
Open IIS - go into properties of the site that has it installed, e.g. Default First Site
Directory Security tab - click Server Certificate button
Follow the wizard - you can choose to either export it to a .pfx file or to copy (not move) to another server.

If you do the pfx, move it to a USB drive (i.e. take it off the hard drive instead of just copying it) and install from that onto your other web servers from the same area and point it to the pfx file.  Now you have it installed and backed up on the USB drive - keep the USB drive in a static bag and locked up - that cert represents the validity of your websites, don't stick it on your USB drive on your keychain!
 
LVL 5

Author Comment

by:funnymanmike
ID: 22996627
I followed your instructions

I downloaded the cert from GoDaddy
ran certificates to install the p7b file
ran IIS to set up the SSL
confirmed that site was working with no issues
exported the pfx file to a network drive
went to server 2, install the pfx import
website2 still generating certificate issues
installed the p7b file on website 2
website2 still generating certificate issues

I am making no progress here
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22997750
Just to confirm the following:
1) You are typing in a name that matches on the UCC certificate - view the certificate and check Details tab to verify that the cert contains what you think it should in Subject Name and Subject Alternate Name fields.  I.e. you aren't using localhost or something like that to hit it from the internal vs. external name.

2) The certificate warning message - what is the error message?  I am working under the assumption that it is the name mismatch, not the trust or validity messages.  If it is the trust message, check the name of the Issuer on the details tab and make sure that matches exactly to the name of the bottom CA in the chain that you installed as p7b.  GoDaddy has multiple CAs that they issue through.  Maybe you just happened to already have the right one on serverA from MS root update that might not have been applied to serverB or something.

3) When you try importing the p7b, choose to manually place it and browse... - enable checkbox for Show Physical Stores, then point to Trusted Root Certificates.  Try this on the server.  I don't think you need to for client as you say it works ok for the other...
 
LVL 5

Author Comment

by:funnymanmike
ID: 22997824
1) I don't know what you mean? Are you talking about online where the certificate resides? Or the password that was required to copy it from one server to another?

2) see code snippet

There is a problem with this website's security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.

 
LVL 31

Expert Comment

by:Paranormastic
ID: 22998031
The name that you type into the address bar matches exactly what is in the UCC cert.  If you have the cert for ServerB.domain.com you need to type that in, not just ServerB or localhost as these would not match up correctly.

Looks like it is what I figured for the warning - name mismatch.  We should focus on the cert itself and how it is being referred - the root chain (p7b) should be fine since it wasn't mentioned in the warning.
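A check for the two points raised in the expert comments above (the private key has to travel with the exported certificate, and the name typed into the browser has to appear in the UCC certificate), added here as an example and not part of the original thread. It is meant to be run on the server where the .pfx was imported; `ServerB.domain.com` is the thread's illustrative name, and parsing `DNS Name=` lines assumes an English-language Windows.

```powershell
# Added example, not from the thread. Pass the exact name typed into the
# browser; the default is the thread's illustrative ServerB.domain.com.
param([string]$HostName = 'ServerB.domain.com')

function Test-NameMatch {
    param([string]$Name, [string]$Pattern)
    # Exact match, or a wildcard covering exactly one label (*.domain.com)
    if ($Name -ieq $Pattern) { return $true }
    if ($Pattern.StartsWith('*.')) {
        $suffix = $Pattern.Substring(1)    # ".domain.com"
        if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
            $left = $Name.Substring(0, $Name.Length - $suffix.Length)
            return ($left.Length -gt 0 -and -not $left.Contains('.'))
        }
    }
    return $false
}

# Certificates available to IIS live in the machine's Personal store
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Subject Alternative Name extension is OID 2.5.29.17
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($sanExt) {
        # Format($true) yields one entry per line, e.g. "DNS Name=www.example.com"
        # (label text is localized; English assumed here)
        $names = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
        })
    }
    if ($names.Count -eq 0) {
        # No SAN entries: fall back to the subject's common name
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $names = @($cert.GetNameInfo($nameType, $false))
    }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey   # False means the key was not imported
        NotAfter      = $cert.NotAfter
        NameMatches   = [bool]($names | Where-Object { Test-NameMatch $HostName $_ })
        Names         = $names -join ', '
    }
} | Format-List
```

A certificate showing `HasPrivateKey : False` was imported without its key and cannot be bound to a site; `NameMatches : False` reproduces the "issued for a different website's address" warning for that host name.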
 
LVL 5

Author Comment

by:funnymanmike
ID: 22998516
I went back to the GoDaddy site to add the name, I am just waiting on the approval of that.
 
LVL 5

Accepted Solution

by:
funnymanmike earned 0 total points
ID: 23029560
I was unable to achieve this, so I refunded the 5 domain certificate and just bought 3 single site certificates.

All installed with no issues.
