Windows Server 2016 SSL Certificate

enthuguy
Hi Windows Server experts,

Just need some general guidance on this scenario, please.

In AWS, on an EC2 Windows Server 2016 instance (serverA), I have manually installed software, imported/configured SSL certificates, etc. for one of my applications. My application works fine over HTTPS... all good at this stage.

As you know, in AWS we have an option to create an AMI (snapshot) from an EC2 instance. Using this AMI we can create subsequent server instances (serverB, serverC, etc.), so we don't have to reinstall and configure software once again.

My request is:
If I launch and create a new EC2 Windows server based on the above AMI, do I have to perform anything extra for the SSL certificates to work on serverB, serverC, and so on? Would that work as it was working on serverA?

Please suggest and advise.

Thanks in advance
Joshua Grantom, Senior Systems Administrator
Top Expert 2014

Commented:
How are the certificates used? Are they added to trusted certificates or are they used to authenticate the server?

Author

Commented:
Hi Joshua,

They are imported into certificate store "Web Hosting" using

I'm getting familiar with SSL :)
Senior Systems Administrator
Top Expert 2014
Commented:
The certificates should stay when you deploy from the AMI template. As long as there are Subject Alternate Names for each hostname of each server or if you are using a wildcard certificate you should be fine. Keep in mind that if these servers are being joined to a domain, sysprep should be run before you make the AMI so the image is generalized.
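
A way to check the points in this answer on an instance launched from the AMI, as an added example that is not part of the original thread. It lists the certificates in the "Web Hosting" store and reports whether each one covers the server's name, still has its private key, and is unexpired. The `$HostName` default (the instance's own FQDN) and the helper name `Test-NameCoveredByCert` are assumptions; set `$HostName` to the name clients actually connect to.

```powershell
# Added example: run in an elevated PowerShell session on serverB, serverC, ...
# Assumption: clients reach the server by its own FQDN; change this if they use an alias.
$HostName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

function Test-NameCoveredByCert {
    param([string]$Name, [string]$Pattern)
    if ($Pattern.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com matches
        # web1.example.com, but not example.com and not a.b.example.com.
        $suffix = $Pattern.Substring(1)   # e.g. ".example.com"
        if (-not $Name.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $false
        }
        $label = $Name.Substring(0, $Name.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    # Non-wildcard entry: the name must match exactly (-eq ignores case).
    return ($Name -eq $Pattern)
}

# "Web Hosting" in the Certificates MMC is the WebHosting store of the local machine.
Get-ChildItem -Path Cert:\LocalMachine\WebHosting | ForEach-Object {
    $cert = $_
    # DnsNameList is the certificate provider's list of DNS names on the certificate.
    $names = @($cert.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })
    $covers = $false
    foreach ($n in $names) {
        if (Test-NameCoveredByCert -Name $HostName -Pattern $n) { $covers = $true }
    }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        DnsNames      = $names -join ', '
        CoversHost    = $covers
        HasPrivateKey = $cert.HasPrivateKey
        NotExpired    = ($cert.NotAfter -gt (Get-Date))
        NotAfter      = $cert.NotAfter
    }
} | Format-Table -AutoSize
```

A row with `CoversHost`, `HasPrivateKey` and `NotExpired` all `True` is the one an HTTPS binding on the new instance can use as-is.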

Author

Commented:
Thanks Joshua,
Yes, it is a wildcard certificate.

Yes, it is domain joined (spot on, Joshua).

Could you provide a link on the sysprep that you are suggesting, please?

Are you talking about this?
PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendEventLogs.ps1 -Schedule


Joshua Grantom, Senior Systems Administrator
Top Expert 2014

Commented:
I would follow Amazon best practice to sysprep. It's pretty straightforward.

https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html

Author

Commented:
Thanks Joshua,
Since we use a wildcard, it worked, and thanks for the sysprep. I was able to create a clean AMI after that.
