IIS 5 & IIS 6
Replace OLD SSL Cert, but with different FQDN
Last post Aug 27, 2009 06:58 AM by Paul Lynch
Aug 26, 2009 07:53 PM|ethos84|LINK
Currently have a SSL cert setup on our IIS 6 server which is about to expire. Lets say for example it's "ssl1.domain.com".
I want to create a new cert, "ssl2.domain.com". I've found a guide here:
"Enter Properties for the newly created virtual site, then go to the
Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace."
This part confuses me though as obviously it won't be identical, will this matter?
Could someone assist in the best method to achieve my goal?
I was thinking that it might be possible to just remove the current certificate from the IIS menu, then create a new request etc...
Aug 27, 2009 02:28 AM|lextm|LINK
I consider this is a certificate issue.
In IIS 6 you can generate a renew certificate request, and send that to your CA. Then the CA can provide you a new certificate to replace the old one.
I think your CA is the best resource to consult at this moment, for example GeoCerts publishes this nice article for its customers and us,
Aug 27, 2009 05:52 AM|ethos84|LINK
Thanks for the reply.
This seems fine if the FQDN was identical, but it's not. I need to create a brand new request with the modified FQDN...
I suppose I could create a 2nd website, process a new request with that and the new FQDN then REPLACE it on the original 1st default website?
Aug 27, 2009 06:58 AM|Paul Lynch|LINK
Yes that's right. You can generate the certificate request anywhere (even on a different machine) and then export the certificate (with private key) and replace the existing one on your original web site.