Solved

Install two certificates for the same website IIS 8

Posted on 2014-11-20
Last Modified: 2014-11-25
Hello

I would like to know if it's possible to install two certificates on the same IIS 8 web site i.e. to represent the same domain name?

The reason behind this is that we use IIS 8 as a reverse proxy to handle incoming AS2 traffic. The AS2 traffic will be signed with our public key, and the certificate for that is through GoDaddy and expires in a few weeks. When I renew the certificate, the old one will be revoked within 72 hours. This isn't long enough for us to distribute the new certificate to our AS2 customers and we can't afford to lose connectivity with them.

GoDaddy have recommended that I purchase a new certificate under the same domain name, and that this can sit alongside the old one on their system. If I can install this alongside the old one, then this should solve my problem. Our AS2 customers then have a few weeks to install the new cert on their systems before the old one expires.

Any help is much appreciated.

Regards,
James
0
Question by:failed
5 Comments
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40454890
Yes, it can be done. For more information, see https://www.digicert.com/ssl-support/ssl-host-headers-iis-8.htm
0
 

Author Comment

by:failed
ID: 40454969
I don't think that will work because I want both certificates to bind to the same port. Any ideas?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40460806
Two certificates bound to the same port on the same server?
No.  You can only have one.

On the assumption that your clients have to explicitly install the certificate on their systems to use the site: What you should be able to do, however, is buy a new certificate while you keep the old one bound to the website while your users install the new certificate. On the day before the old certificate expires, or after you have confirmation that your clients all have the new certificate, you switch over to bind the new certificate to the port.

Normally, however, you would purchase a certificate from GoDaddy or another public CA because you don't want your clients to have to explicitly trust your certificate.  You're paying for a certificate because the public CA's root certificate is trusted by systems by default.  (That said, you usually have to also install the GoDaddy intermediate certificate on the web server so that the certificate chain can be established on the server.)  I'm assuming there is something specific with the AS2 system that precludes this from working correctly for some reason.
0
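
The switch-over described in the accepted answer, written in PowerShell as an added example (not code from the thread). The site name, host name and the `-CutOver` switch are assumptions; both certificates are assumed to be installed in `LocalMachine\My` with their private keys, and the site is assumed to have a single https binding on port 443.

```powershell
# Added example: the names below are placeholders, not values from the thread.
param([switch]$CutOver)          # hypothetical switch: report only unless given

Import-Module WebAdministration

$SiteName = 'AS2 Proxy'          # hypothetical IIS site name
$DnsName  = 'as2.example.com'    # hypothetical host name on both certificates
$Port     = 443

# Old and new certificate can sit side by side in the machine store;
# only one of them can be bound to the port at a time.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like "*CN=$DnsName*" } |
    Sort-Object NotAfter)

if ($certs.Count -lt 2) {
    throw "Expected the old and the new certificate for $DnsName in LocalMachine\My"
}
$old = $certs[0]     # expires first
$new = $certs[-1]    # expires last

$binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
if (-not $binding) { throw "No https binding on port $Port for site '$SiteName'" }

# Report which certificate the port is serving and how long the old one has left.
$daysLeft = [int]($old.NotAfter - (Get-Date)).TotalDays
"Bound thumbprint : $($binding.certificateHash)"
"Old certificate  : $($old.Thumbprint) expires $($old.NotAfter) ($daysLeft days)"
"New certificate  : $($new.Thumbprint) valid from $($new.NotBefore)"

if ($CutOver) {
    if ($new.NotBefore -gt (Get-Date)) { throw 'New certificate is not valid yet' }
    if ($binding.certificateHash -eq $new.Thumbprint) {
        'New certificate is already bound; nothing to do.'
    } else {
        # Swap the certificate on the existing binding.
        $binding.RemoveSslCertificate()
        $binding.AddSslCertificate($new.Thumbprint, 'My')
        "Port $Port on '$SiteName' now serves $($new.Thumbprint)"
    }
}
```

Run without `-CutOver` during the distribution window to confirm the old certificate is still the one bound, and with `-CutOver` once the partners have confirmed they hold the new one.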
 
LVL 1

Expert Comment

by:SquigglyMonkey
ID: 40464876
I know you accepted an answer, but I thought I would add that you can put more than one domain name in one cert.
Check out this link at DigiCert.
https://www.digicert.com/ev-multi-domain-ssl.htm
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 40465134
I believe the issue isn't multiple names; my interpretation of the issue at hand was that the name was staying the same. The issue was that the old certificate was expiring, and there were timing and coordination efforts necessary before the new certificate could be active on the site.

SAN and wildcard certificates solve a problem, which folks might also want to solve with binding multiple certificates to a port, but they don't solve this problem.
0
