How to load a reissued SSL certificate on a SBS 2008 server?
Posted on 2010-11-26
I'm not getting much help from the certificate issuer so I'll throw it out to you guys.
I have 3 servers, SBS2008 and two IIS servers.
I have an SSL certificate with SAN successfully installed on the SBS box (using the SBS console wizard).
The IIS servers both need a certificate installing for https so I have had my SAN cert reissued with extra SANs to use on these servers as well (cert is licensed for 3 servers so that's fine).
I have established that in order to successfully load the reissued cert onto my IIS servers I need to export it with key as .pfx on the original server and then import said pfx onto the other two servers. (I have done this successfully on one but of course it throws up cert errors in a browser as the version of the cert I exported/imported is the original without the extra SANs).
What I am having a surprising amount of trouble establishing is how to replace my original cert with the reissue on the SBS box, so that I can export/import it onto the other servers.
What I've tried so far:
I have tried regenerating a CSR with the SBS wizard and then loading the revised cert but it rejects it as not compatible.
I have tried importing a certificate already on the server (ie the reissue which I manually imported using MMC certificates snapin) using the SBS wizard but again it rejects it.
There are no more options in the SBS Wizard.
From previous experience I know that the standard Exchange 2007 ways of loading a certificate using EMS commands don't work on a SBS box.
Am I up a dead end? Is there any way of getting SBS2008 to accept a certificate with extra SANs?