SSL certificate has expired

what is the risk if an SSL certificate has expired, does this then mean the communications are no longer encrypted?
Also - if you host many sites on 1 IIS server, do you buy just 1 SSL certificate per server, or do you need one per site (not my area of expertise). where in IIS itself would it show if an SSL is current or expired, or whereelse would you need to look?

also what are the risks in self signed certificates, if any, and what would it mean when a certificate is not from a "valid authority".
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
1. an expired SSL Certificate will make a user's browser display an SSL expiration warning before displaying your content.  It also gives the impression that the web site cannot be trusted since the owner/operator of the site let the SSL Cert expire and didn't renew it.  You can acknowledge the error and continue on to the site, the encryption is still in operation.

2. typically you need 1 SSL Cert per website.  The certs are configured to the host and domain that they will secure.  There are also a wildcard certs (much more expensive) that can be used for multiple web sites but only under 1 specific domain.

3. the risks of using a self-signed cert is that no one will trust the issuing certificate server resulting in user browsers display a secure warning when visiting your web site.

SSL Certificates are about security and trust.  Trust comes in the form of a website operator acquiring a certificate from a known/trusted 3rd party provider.  The purchase process can be very detailed in terms of verifying who is purchasing the cert and if that person/entity should be purchasing/renewing the cert.  The level of verification depends on the cert type and the cost.

Secure comes from deploying the certificate to your web site.  Providing your users/visitors with a sense of protection that their communications with your site are private.

Dan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
can you see within IIS itself if certificates are expired/self-signed, or do you only get this via visiting the site itself? where in IIS manager can you see each certificate and which site it relates to?
Dan McFaddenSystems EngineerCommented:
You can view and manager certificates on a server using the Microsoft Management Console.

with a user that has at least local admin rights:
1. run mmc.exe
2. in the MMC, go to File > Add or Remove Snap-ins
3. select Certificates under available snap-ins
4. click Add
5. select the Computer account radio button and click Next
6. select the Local computer radio button and click Finish
7. click OK

In the Certificates Manager, expand Certificates, expand Personal and select Certificates again.  On the right hand side you should see your available SSL Certs.  From here you can inspect and manage them.

To see which SSL Cert belongs to which web site, you need to use IIS Manager.  Under the bindings of each site you can see if port 443 is bound to a site and with 443 comes the cert.

Dan
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.