Westez
asked on
SSL Certs and NLB config?
Moving cert from a single Win2003-IIS 6 box to a pair of Win2008-II7 boxes that are load balanced but not an IIS 7 shared config. Can we assign the one cert to both boxes?
The cert is assigned the name of the website and not the server. The site name and the ip address will be assigned to the win08 servers.
The cert is assigned the name of the website and not the server. The site name and the ip address will be assigned to the win08 servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
prashantjain
If the certificate has the website name, of course you can
ASKER
If your moving the cert from one server to another wouldn't you need to export the private key?
hi Westez,
As said earlier by the experts, it is possible to install the same certificate on multiple servers. perhaps if this cert is purchased from third party CA like verisign then you need to think about the licensing part as they issue based on the no. of years X no. of servers.
happy cert migration :)
As said earlier by the experts, it is possible to install the same certificate on multiple servers. perhaps if this cert is purchased from third party CA like verisign then you need to think about the licensing part as they issue based on the no. of years X no. of servers.
happy cert migration :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
exporting the cert doesn't move it - it's a copy
and can be imported into certificate store of second server.
then open IIS manager, open server certificates, and you will see your certificate there.
highlight your website - click on bindings - edit the https entry and add the certificate.
i did this three times already today!
and can be imported into certificate store of second server.
then open IIS manager, open server certificates, and you will see your certificate there.
highlight your website - click on bindings - edit the https entry and add the certificate.
i did this three times already today!
ASKER
I'll admit I dont' do this that often, and I found this link before I posted up. And I understand it's a copy and not a move. The comment save it as a .pk7 file is what I was asking about, because you don't save the private key in that format. I'm thinking that if your going to export from one box and import on another box your going to want that private key.
http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html
And thanks for the detailed explanations.
http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html
And thanks for the detailed explanations.
there is a switch in the import wizard that makes the certificate exportable - this brings the private key with the cert.
ASKER
Thanks guys, if I get jammed up i'll yelp:)