Member_2_6492660_1
asked on
Web Farm Cert Issue
Windows 2012 R2 Data Center
IIs 8.5.9600.16384
Web Farm
VMware ESXI 6.5
I have two Web Servers VM's and my web sites are working fine.
I am using IIS Shared configurations. I have DFS/R installed to replicate the data of wwwroot folder.
I am now adding a cert so I can us HTTPS
I installed the cert o my node 1 server
In the bindings I added HTTPS port 443 and selected my new cert
I created a folder under wwwroot named cert and placed my cert crt file there
DFSr replicated the folder and files to Node 2.
On Node 2 The HTTPS port 443 binding was automatically added.
Problem is it assigned another cert to the binding.
When I add the cert on node 2 it displays and then it disappears
How do I get the cert installed on both nodes?
Thank you
Tom
IIs 8.5.9600.16384
Web Farm
VMware ESXI 6.5
I have two Web Servers VM's and my web sites are working fine.
I am using IIS Shared configurations. I have DFS/R installed to replicate the data of wwwroot folder.
I am now adding a cert so I can us HTTPS
I installed the cert o my node 1 server
In the bindings I added HTTPS port 443 and selected my new cert
I created a folder under wwwroot named cert and placed my cert crt file there
DFSr replicated the folder and files to Node 2.
On Node 2 The HTTPS port 443 binding was automatically added.
Problem is it assigned another cert to the binding.
When I add the cert on node 2 it displays and then it disappears
How do I get the cert installed on both nodes?
Thank you
Tom
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As the first comment suggests, yiuc an export the certificate from the first node WITH the private key (if the private key was marked as exportable during creation) and then import, but realize that this carries risk. The key is now in a file and can be found/exploited. You must take the utmost care where that file goes and should NEVER be stored in any DFS replicated folder or within the IIS folder structure. Ideally you'd put it on media you can destroy and the file onky lives long r iufb to be imported. Once the private key is in the new cert store on node 2, the file gets eliminated altogether having completed its purpose.