?
Solved

IIS certificate and security

Posted on 2014-04-09
3
Medium Priority
?
230 Views
Last Modified: 2014-05-01
Hello,

I have two quick questions:

1.  I have a hot/warm server architecture for my IIS server in that if the primary fails, I will have to restore my SQL database backup to the warm server; however I'm unsure of what I would need to do for my IIS security certificate.  It is installed on the primary server as servername.com and was wondering how I would re-install it on the warm?  Can I do it as the same name of the hot or do I have to change the name?  I'd like to install it now, but don't want it to interfere with the current hot server.

2.  What is the best way of securing IIS?  I was going to run MBSA to have it scan for patches, but was also wondering how to harden it better.

Thanks,
0
Comment
Question by:soadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39990546
Export the certificate from the HOT IIS server
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

identify the certificate in use and right click on it and export
be sure to click "Export Private Key"
save to a .pfx file.

Copy that file to the warm server and then install via the mmc
MMC.exe - add remove snapin
certificates
computer account
local computer
personal
certificates

Right click on certificates and import
Point to the file you just created
Enter the password etc and proceed to complete.


Once that is done you can bind the cert to the relevant site in IIS and leave the site down until you need to fail over.

You can do it all as the same name just leave the warm server not running until you actually need to fail over.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992126
Copy that file to the warm server and then install via the mmc
Make sure to include any Root and Intermediate Certificates if needed.  Here is a guide on that if you need to:  http://supportline.microfocus.com/Documentation/books/reUZE_Server_60/cjtcer.htm
0
 
LVL 29

Expert Comment

by:becraig
ID: 40013748
Do you need any additional help on this issue, or is it resolved ?
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question