Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

IIS certificate and security

Posted on 2014-04-09
3
220 Views
Last Modified: 2014-05-01
Hello,

I have two quick questions:

1.  I have a hot/warm server architecture for my IIS server in that if the primary fails, I will have to restore my SQL database backup to the warm server; however I'm unsure of what I would need to do for my IIS security certificate.  It is installed on the primary server as servername.com and was wondering how I would re-install it on the warm?  Can I do it as the same name of the hot or do I have to change the name?  I'd like to install it now, but don't want it to interfere with the current hot server.

2.  What is the best way of securing IIS?  I was going to run MBSA to have it scan for patches, but was also wondering how to harden it better.

Thanks,
0
Comment
Question by:soadmin
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39990546
Export the certificate from the HOT IIS server
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

identify the certificate in use and right click on it and export
be sure to click "Export Private Key"
save to a .pfx file.

Copy that file to the warm server and then install via the mmc
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

Right click on certificates and import
Point to the file you just created
Enter the password etc and proceed to complete.


Once that is done you can bind the cert to the relevant site in IIS and leave the site down until you need to fail over.

You can do it all as the same name just leave the warm server not running until you actually need to fail over.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992126
Copy that file to the warm server and then install via the mmc
Make sure to include any Root and Intermediate Certificates if needed.  Here is a guide on that if you need to:  http://supportline.microfocus.com/Documentation/books/reUZE_Server_60/cjtcer.htm
0
 
LVL 29

Expert Comment

by:becraig
ID: 40013748
Do you need any additional help on this issue, or is it resolved ?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question