Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 261
  • Last Modified:

IIS certificate and security

Hello,

I have two quick questions:

1.  I have a hot/warm server architecture for my IIS server in that if the primary fails, I will have to restore my SQL database backup to the warm server; however I'm unsure of what I would need to do for my IIS security certificate.  It is installed on the primary server as servername.com and was wondering how I would re-install it on the warm?  Can I do it as the same name of the hot or do I have to change the name?  I'd like to install it now, but don't want it to interfere with the current hot server.

2.  What is the best way of securing IIS?  I was going to run MBSA to have it scan for patches, but was also wondering how to harden it better.

Thanks,
0
soadmin
Asked:
soadmin
  • 2
1 Solution
 
becraigCommented:
Export the certificate from the HOT IIS server
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

identify the certificate in use and right click on it and export
be sure to click "Export Private Key"
save to a .pfx file.

Copy that file to the warm server and then install via the mmc
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

Right click on certificates and import
Point to the file you just created
Enter the password etc and proceed to complete.


Once that is done you can bind the cert to the relevant site in IIS and leave the site down until you need to fail over.

You can do it all as the same name just leave the warm server not running until you actually need to fail over.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Copy that file to the warm server and then install via the mmc
Make sure to include any Root and Intermediate Certificates if needed.  Here is a guide on that if you need to:  http://supportline.microfocus.com/Documentation/books/reUZE_Server_60/cjtcer.htm
0
 
becraigCommented:
Do you need any additional help on this issue, or is it resolved ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now