Solved

Install two certificates for the same website IIS 8

Posted on 2014-11-20
5
200 Views
Last Modified: 2014-11-25
Hello

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through godaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

Godaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Regards,
James
0
Comment
Question by:failed
5 Comments
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
Comment Utility
Yes, it can be done. See for more information - https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm
0
 

Author Comment

by:failed
Comment Utility
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
0
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
Comment Utility
Two certificates bound to the same port on the same server?
No.  You can only have one.

On the assumption that your clients have to explicitly install the certificate on their systems to use the site: What you should be able to do, however, is buy a new certificate while you keep the only one bound to the website while your users install the new certificate.  On the day before the old certificate expires, or after you have confirmation that your clients all have the new certificate, you switch over to bind the new certificate to the port.

Normally, however, you would purchase a certificate from GoDaddy or another public CA because you don't want your clients to have to explicitly trust your certificate.  You're paying for a certificate because the public CA's root certificate is trusted by systems by default.  (That said, you usually have to also install the GoDaddy intermediate certificate on the web server so that the certificate chain can be established on the server.)  I'm assuming there is something specific with the AS2 system that precludes this from working correctly for some reason.
0
 
LVL 1

Expert Comment

by:SquigglyMonkey
Comment Utility
I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at digi cert.
https://www.digicert.com/ev-multi-domain-ssl.htm
0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
I believe the issues isn't multiple names, my interpretation of the issue at hand was that the name was staying the same.  The issue was that the old certificate was expiring, and there was timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now