Jon Davidson

Problem in binding SSL cert to 2012 WServer.

Binding new SSL certificate to WServer 2012 problem.
I built the request per:
https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm.  Handed the request off to our infrastructure team, where they purchased the new SSL.  The Team has sent me the new SSL certificates, which I renamed appropriately from a .txt extension to a .cer extension.

I have two test servers (and two prod servers) I need to update the SSL certificates for.  I have followed the steps outlined in this document for installing the SSL certificate:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/37/certificate-installation-microsoft-iis-8x


I can see on the server IIS where the certificate has been updated to 10/9/2020 in the Server Certificates; however, if I look under the padlock on the client's URL, the expiry date is still set for:  10/24/2018.  How do I propagate this out to the client?  This is the first time I've done this, and I have four 2012 servers to update ASAP.  Any guidance would be appreciated.
Last Comment: Jon Davidson, 8/22/2022 - Mon

Travis Martinez

Have you validated from an SSL checker rather than the client's internet program?

https://www.digicert.com/help/

What does the response say here?
Jon Davidson

ASKER
Travis,
The SSL test failed, "Unable to connect."
Travis Martinez

Are the systems behind a load balancer and has the pfx been loaded to them?

*** Edit ***  I'm assuming it failed as they are internal sites and not externally facing.
Jon Davidson

ASKER
Travis
That assumption is correct.  After that failed test, I went to IIS, clicked on the server in the left pane, double-clicked the server certificates, and under the Action pane I clicked on Create Certificate Request and created a csr file, and documented with screen shots every step I took.  I am doing this again to make sure:
1.  Ensure the common name I used can be pinged.
2.  Wanted to make sure I was using the server software and not a downloaded digicert application.  
I don't have any experience doing this, so I am just trying to eliminate any place I could be making a mistake.   I am currently waiting on the new SSL certs for production and test.
Travis Martinez

I'll be fair in that I've only had to deal with this a few times.  The portions that got me were not having the load balancer updated with the pfx exported from the server.  The second was after I installed it in the main IIS panel I didn't set the port binding on the webpage correctly.

Is it possible when you did the port binding the certificate you selected was the old one and not the new?  If they have the same domain name then the drop down will list both of them.  Use view to see the certificate details for the right one.

(Attachment: ssl-pic.PNG)
Jon Davidson

ASKER
This website has not configured this form in the past.  I went to the production server, and the "Add Site Binding" app has not been used to configure the connection.
Something new I found.   Looking at the MMC
Console Root
  Personal
    Certificates

The SSL cert I am trying to install, in the properties does NOT have the text:  
"You have a private key that corresponds to this certificate."  

  I need to install the cert with a private key.   This is a requirement of any single socket layer certificate.   I have been able to do as much, though it is NOT straightforward.
PROBLEM:   When I reboot the server, and I access the site remotely (inward facing server on large network), the dates for the View Certificate in the URL are NOT updating.  I could really use some help.   I've tried everything short of a registry hack.  
Surely someone has had this issue in the past with an SSL cert.  This does not run in the IIS.   It is powered by Apache Tomcat 7.0.
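
Added example, not part of any post in this thread: a PowerShell check for the mismatch described above, where the certificate store shows the new expiry date but clients still see the old one. It reads the certificate the listener actually serves and compares it with the computer's "Personal" store, including each entry's private-key flag; the function names are hypothetical and the host name and port in the usage comment are placeholders.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function Get-ServedCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it outlives the stream.
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

function Compare-ServedToStore {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443
    )
    $served = Get-ServedCertificate -HostName $HostName -Port $Port
    # Cert:\LocalMachine\My is the computer account's "Personal" store in MMC.
    $store = @(Get-ChildItem Cert:\LocalMachine\My)
    $match = @($store | Where-Object { $_.Thumbprint -eq $served.Thumbprint })

    [pscustomobject]@{
        Endpoint          = "${HostName}:$Port"
        ServedSubject     = $served.Subject
        ServedNotAfter    = $served.NotAfter
        ServedThumbprint  = $served.Thumbprint
        # False: the listener's certificate comes from something other than this
        # store (another keystore, or a device in front of the server).
        ServedCertInStore = ($match.Count -gt 0)
        StoreCertificates = $store | Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
    }
}

# Usage (placeholder host and port):
# $r = Compare-ServedToStore -HostName 'testserver.example.internal' -Port 443
# $r | Format-List Endpoint, Served*
# $r.StoreCertificates | Sort-Object NotAfter | Format-Table -AutoSize
```

If `ServedNotAfter` still shows the old date while the store lists the new certificate, the binding or keystore the listener reads from has not been switched. A store entry with `HasPrivateKey` set to False cannot be used by a server for TLS.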