SSL Certificates…. sigh.


Right then, let’s get down to business.

I had to renew an SSL cert for a client. Simple enough I thought and sure, it should be. But it wasn’t. Here’s how it went down;

The server is running IIS 6.0.(Windows Server 2003 SBS)

The easy way to do this is to;

  • Right click on the site.(in the IIS Management MMC)
  • Choose Properties > Directory Security Tab > Server Certificate button
  • Next > Choose “Renew the current Cert”
  • Prepare the Request now, but send it later
  • Choose a file name 

At this point it generates a renewal cert.

Now all being equal I would go to the SSL certificate issuing company and login, click on the links to get to the renewal of SSL certs. Cut and paste the cert into their website and take it from there. After a day or so (or a few minutes if I hassle their tech support) they will process the request, at which point I login to their website again and cut and paste the newly generated SSL cert to a file locally.

From there I go back to the IIS management MMC, run through the whole process again but this time choose to process the pending request.

That is normal. For me it would seem that nothing is normal – I blame it on the Season finale of Lost. It didn’t work. Said something about that’s a load of old cobblers and to kindly go away.

The fix is this;

  • Right click on the “Default Web Site”
  • Choose New > Choose Web Site…
  • Go through all the stuff and make a new site.(Dont’ worry too much about the details. At this point we’re beyond caring)
  • Now that the new site is up, you need to generate a new SSL cert request.
  • Follow the steps above except to generate a new cert rather than renew.
  • During this process, make sure you have identical details to your old cert i.e. friendly name etc.
  • Again follow the steps above where you login to the issuing companies site, click on REISSUE the SSL cert.
  • Cut and paste the new cert you just generated into the site.
  • Wait for the them to come back to you with a new cert.(again feel free to hassle the tech support ppl)
  • Bring that down to a file locally.(this is all sounding familiar isn’t it)
  • Go back to the new site we just created and process the request. Hopefully it will take it this time!!!
  • Voila! we’re done.

So that’s all well and good but now we need to get that certificate on the REAL site.

  • Go back to IIS management.(you’re probably already there)
  • Go to your site.(probably Default Web Site)
  • Right Click > Properties > Directory Security > Server Certificate.
  • Click Next, then click on Replace the current Certificate.
  • Browse to that file you installed on the other new web site.
  • Really that’s it. It should take it just fine and you can now go and make a cup of coffee, or maybe a beer.

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: