Domain SSL certificate Replacement

Posted on 2011-10-01
Last Modified: 2012-05-12
Hello Experts

We currently have a UCC SSL certificate purchased from GODADDY, and we want to change the SSL certificate to a WILDCARD.
My questions are as follows:

1. What is the best practice for demolishing the current cert and creating the new wildcard one?
2. What to do about the implications for Exchange and ActiveSync sync while without an SSL?
3. How to verify that the new * SSL will be able to work with multiple private keys, which means different servers? Please also check if there's a private-keys/servers limitation.
I would be glad if you could assist me with this issue,
Thank you.
Question by:IT_Group1

    Expert Comment

    by:Jaroslav Mraz
    To better know how a certificate works, we must start from the end.

    How would you know that this will work? You must know that a wildcard certificate has only ONE PRIVATE KEY; it just has more DNS names inside of it. So if you want this working, you must have, for every wild name, an A grade DNS to your server and import the certificate inside every IIS instance.

    You can also do one thing: if you have more domains, you can buy a certificate for your own Microsoft Certification Authority, and then you can make any certificate and all of them will be trusted, because the ROOT CA signs your CA and then you are safe.
    Read more here

    Best practice is to make the new certificate on the authority, then use the replace function on every service; for example, in IIS it is importing the new certificate and then activating it. After you replace the certificate on every service, you go to the management panel of the CA and revoke your certificate (revoking means don't trust this cert any more), and it is the same as destruction because it can't be used anywhere.

    Accepted Solution


    I have been using a wildcard cert from Entrust with no problem for our Exchange environment and also our NPS for wireless authentication.

    This is what I've done; other experts might have a better way:

    1. Before disposing of the old cert, install the new cert first and then remove the old one.

    2. I used this page to help me set up the Exchange server, but I believe you do know how to do it.

    I did run into a problem with it, as the private key was not exportable. So you need to make sure the private key used to generate the CSR is exportable, else you have to go the long way, which might end up with the cert not being deployable.

    3. The wildcard cert works differently, but if you have the private key exportable then it makes your life easier. You can navigate here to our OWA Exchange site, and you will notice we are using a wildcard cert. I am not able to show you the use on NPS because it is between the Wireless Controller and the NPS server only.

    I went through difficulties to make it happen, so this is advice to myself too. Next time, I will make sure the private key is marked exportable before creating the CSR. Then deploy the cert received from the CA to the server and then export a *.pfx file with the private key included. After that everything will be easy.
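
The order of operations described in the answers above (exportable key at CSR time, install the new certificate, export a PFX for the other servers, bind it, and only then remove the old certificate), sketched as an added example that is not part of the original posts. It assumes the Exchange 2010 Management Shell; the function names, file paths, domain name and thumbprint placeholder are hypothetical.

```powershell
# Added example; assumes the Exchange 2010 Management Shell.
# Function names, paths and thumbprints are placeholders, not values from the thread.

# Server 1: create the CSR with the private key marked exportable.
function New-WildcardRequest($Name, $ReqPath) {
    $csr = New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$Name" `
        -DomainName $Name -PrivateKeyExportable $true
    Set-Content -Path $ReqPath -Value $csr
}

# Server 1, after the CA has issued the certificate: complete the pending request,
# then export certificate plus key to a password-protected PFX.
# The export fails if the key was not marked exportable when the CSR was made.
function Export-IssuedCertificate($CerPath, $PfxPath, $Password) {
    $new = Import-ExchangeCertificate `
        -FileData ([byte[]](Get-Content -Path $CerPath -Encoding Byte -ReadCount 0))
    if (-not $new.HasPrivateKey) { throw 'Issued certificate has no private key on this server.' }
    $pfx = Export-ExchangeCertificate -Thumbprint $new.Thumbprint `
        -BinaryEncoded:$true -Password $Password
    Set-Content -Path $PfxPath -Value $pfx.FileData -Encoding Byte
    $new.Thumbprint
}

# Every other server: import the PFX and return the thumbprint.
function Import-WildcardPfx($PfxPath, $Password) {
    (Import-ExchangeCertificate -Password $Password `
        -FileData ([byte[]](Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0))).Thumbprint
}

# Every server: bind the new certificate to IIS (OWA, ActiveSync) and remove the
# old one only after the new binding is confirmed, so clients never lack a cert.
function Switch-IisCertificate($NewThumb, $OldThumb) {
    Enable-ExchangeCertificate -Thumbprint $NewThumb -Services IIS
    $live = Get-ExchangeCertificate -Thumbprint $NewThumb
    if ("$($live.Services)" -notmatch 'IIS') {
        throw 'New certificate is not bound to IIS; old certificate left in place.'
    }
    Remove-ExchangeCertificate -Thumbprint $OldThumb
}

# Typical order (constructed values):
#   New-WildcardRequest '*.example.com' 'C:\Temp\wildcard.req'
#   $pw = Read-Host 'PFX password' -AsSecureString
#   $t  = Export-IssuedCertificate 'C:\Temp\wildcard.cer' 'C:\Temp\wildcard.pfx' $pw
#   Switch-IisCertificate $t '<OLD-UCC-THUMBPRINT>'
# The PFX contains the private key: delete it once every server has imported it.
```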
