Solved

Install two certificates for the same website IIS 8

Posted on 2014-11-20
5
203 Views
Last Modified: 2014-11-25
Hello

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through godaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

Godaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Regards,
James
0
Comment
Question by:failed
5 Comments
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40454890
Yes, it can be done. See for more information - https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm
0
 

Author Comment

by:failed
ID: 40454969
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40460806
Two certificates bound to the same port on the same server?
No.  You can only have one.

On the assumption that your clients have to explicitly install the certificate on their systems to use the site: What you should be able to do, however, is buy a new certificate while you keep the only one bound to the website while your users install the new certificate.  On the day before the old certificate expires, or after you have confirmation that your clients all have the new certificate, you switch over to bind the new certificate to the port.

Normally, however, you would purchase a certificate from GoDaddy or another public CA because you don't want your clients to have to explicitly trust your certificate.  You're paying for a certificate because the public CA's root certificate is trusted by systems by default.  (That said, you usually have to also install the GoDaddy intermediate certificate on the web server so that the certificate chain can be established on the server.)  I'm assuming there is something specific with the AS2 system that precludes this from working correctly for some reason.
0
 
LVL 1

Expert Comment

by:SquigglyMonkey
ID: 40464876
I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at digi cert.
https://www.digicert.com/ev-multi-domain-ssl.htm
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 40465134
I believe the issues isn't multiple names, my interpretation of the issue at hand was that the name was staying the same.  The issue was that the old certificate was expiring, and there was timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question