Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


IIS certificate and security

Posted on 2014-04-09
Medium Priority
Last Modified: 2014-05-01

I have two quick questions:

1.  I have a hot/warm server architecture for my IIS server in that if the primary fails, I will have to restore my SQL database backup to the warm server; however I'm unsure of what I would need to do for my IIS security certificate.  It is installed on the primary server as servername.com and was wondering how I would re-install it on the warm?  Can I do it as the same name of the hot or do I have to change the name?  I'd like to install it now, but don't want it to interfere with the current hot server.

2.  What is the best way of securing IIS?  I was going to run MBSA to have it scan for patches, but was also wondering how to harden it better.

Question by:soadmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 29

Accepted Solution

becraig earned 2000 total points
ID: 39990546
Export the certificate from the HOT IIS server
MMC.exe - add remove snapin
computer account
local computer

identify the certificate in use and right click on it and export
be sure to click "Export Private Key"
save to a .pfx file.

Copy that file to the warm server and then install via the mmc
MMC.exe - add remove snapin
computer account
local computer

Right click on certificates and import
Point to the file you just created
Enter the password etc and proceed to complete.

Once that is done you can bind the cert to the relevant site in IIS and leave the site down until you need to fail over.

You can do it all as the same name just leave the warm server not running until you actually need to fail over.
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992126
Copy that file to the warm server and then install via the mmc
Make sure to include any Root and Intermediate Certificates if needed.  Here is a guide on that if you need to:  http://supportline.microfocus.com/Documentation/books/reUZE_Server_60/cjtcer.htm
LVL 29

Expert Comment

ID: 40013748
Do you need any additional help on this issue, or is it resolved ?

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question