From: Dooza on
Hi there,
I have been developing a new site on the same IIS6 box. It currently has
an SSL cert that I installed with IIS6 SelfSSL.

When I want to make my test site replace the live site I will need to
transfer the current live SSL certificate to the test site. How do I do
this?

Cheers,

Dooza
From: Dan on

"Dooza" <steveNO(a)SPAM.dooza.tv> wrote in message
news:OE#YTPXKLHA.6100(a)TK2MSFTNGP05.phx.gbl...
> Hi there,
> I have been developing a new site on the same IIS6 box. It currently has
> an SSL cert that I installed with IIS6 SelfSSL.
>
> When I want to make my test site replace the live site I will need to
> transfer the current live SSL certificate to the test site. How do I do
> this?
>
> Cheers,
>
> Dooza

Using the Server Certificate button on the Directory Security tab for the
sites.

In the IIS manager simply remove the SSL certificate from the current live
site using "Remove the current certificate" (it simply removes the
association, it does not delete the certificate!), then go to the test site
and use "Assign an existing certificate" to select the live SSL
certificate.

I've done this repeatedly over the past few years with no hiccups yet :)
When we renew certificates we tend to do so on a test site, and then once
the signed certificate is returned from the CA complete it on the test site,
check it's correct with a browser, and then swap it onto the live site using
the above procedure.

All the old certificates remain in the certificate store; you can remove
these if you want from the Certificate Manager MMC (Certificates.msc).

--
Dan

From: Dooza on
On 22/07/2010 09:31, Dan wrote:
>
> "Dooza" <steveNO(a)SPAM.dooza.tv> wrote in message
> news:OE#YTPXKLHA.6100(a)TK2MSFTNGP05.phx.gbl...
>> Hi there,
>> I have been developing a new site on the same IIS6 box. It currently
>> has an SSL cert that I installed with IIS6 SelfSSL.
>>
>> When I want to make my test site replace the live site I will need to
>> transfer the current live SSL certificate to the test site. How do I
>> do this?
>>
>> Cheers,
>>
>> Dooza
>
> Using the Server Certificate button on the Directory Security tab for
> the sites.
>
> In the IIS manager simply remove the SSL certificate from the current
> live site using "Remove the current certificate" (it simply removes the
> association, it does not delete the certificate!), then go to the test
> site and using the "Assign an existing certificate" to then select the
> live SSL certificate.
>
> I've done this repeatedly over the past few years with no hiccups yet :)
> When we renew certificates we tend to do so on a test site, and then
> once the signed certificate is returned from the CA complete it on the
> test site, check it's correct with a browser, and then swap it onto the
> live site using the above procedure.
>
> All the old certificates remain in the certificate store, you can remove
> these if you want from the Certificate Manager MMC (Certificates.msc).

Hi Dan,
I didn't know it worked like this, thank you very much for the info!

So my best course of action is to have a temp site saying site closed
for maintenance, stop the current site and remove SSL from current site,
stop the test site and remove the SSL, change the host header on the
test site to that of the current site, add the SSL and then start the
test site which is now the current site.

Steve

From: Dan on

"Dooza" <steveNO(a)SPAM.dooza.tv> wrote in message
news:usLA$7XKLHA.4780(a)TK2MSFTNGP02.phx.gbl...
> On 22/07/2010 09:31, Dan wrote:
>>
>> "Dooza" <steveNO(a)SPAM.dooza.tv> wrote in message
>> news:OE#YTPXKLHA.6100(a)TK2MSFTNGP05.phx.gbl...
>>> Hi there,
>>> I have been developing a new site on the same IIS6 box. It currently
>>> has an SSL cert that I installed with IIS6 SelfSSL.
>>>
>>> When I want to make my test site replace the live site I will need to
>>> transfer the current live SSL certificate to the test site. How do I
>>> do this?
>>>
>>> Cheers,
>>>
>>> Dooza
>>
>> Using the Server Certificate button on the Directory Security tab for
>> the sites.
>>
>> In the IIS manager simply remove the SSL certificate from the current
>> live site using "Remove the current certificate" (it simply removes the
>> association, it does not delete the certificate!), then go to the test
>> site and using the "Assign an existing certificate" to then select the
>> live SSL certificate.
>>
>> I've done this repeatedly over the past few years with no hiccups yet :)
>> When we renew certificates we tend to do so on a test site, and then
>> once the signed certificate is returned from the CA complete it on the
>> test site, check it's correct with a browser, and then swap it onto the
>> live site using the above procedure.
>>
>> All the old certificates remain in the certificate store, you can remove
>> these if you want from the Certificate Manager MMC (Certificates.msc).
>
> Hi Dan,
> I didn't know it worked like this, thank you very much for the info!
>
> So my best course of action is to have a temp site saying site closed for
> maintenance, stop the current site and remove SSL from current site, stop
> the test site and remove the SSL, change the host header on the test site
> to that of the current site, add the SSL and then start the test site
> which is now the current site.
>

It should only take you 20 seconds or so to swap them over, do you really
need to go to the trouble of having an intermediate maintenance page too?

Also, you could assign the same certificate to both the live and the test
site (IIS will happily let you use the same certificate on multiple sites),
and set the host headers and SSL port to the same on both (obviously while
the test site is stopped of course, as otherwise it will conflict with the
current site!), then stop the current site and start the test site - you
should be able to get down time to no more than a second or so, at least no
more than it would be if you were stopping and starting sites in your method
above.

--
Dan
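
A read-only check for the two-site setup described in the post above, added here as an example and not part of the original thread: it confirms that both sites point at the same certificate and share an SSL binding before the stop/start swap. It assumes PowerShell 2.0 is installed on the IIS6 server and that the `SSLCertHash`, `SecureBindings`, `ServerState` and `ServerComment` metabase properties are readable through the IIS ADSI provider; the site IDs 1 and 2 are placeholders.

```powershell
# Added example, not from the thread. Site IDs are placeholders.
$liveId = 1   # hypothetical metabase ID of the current live site
$testId = 2   # hypothetical metabase ID of the test site

function Get-MbProp($Site, [string]$Name) {
    # An unset metabase property raises an error; treat it as "not set"
    try { $Site.psbase.InvokeGet($Name) } catch { $null }
}

function Get-SiteSslInfo([int]$Id) {
    $site  = [ADSI]"IIS://localhost/W3SVC/$Id"
    $bytes = Get-MbProp $site 'SSLCertHash'      # binary SHA-1 hash of the assigned cert
    $thumb = $null
    if ($bytes) { $thumb = [BitConverter]::ToString([byte[]]$bytes).Replace('-', '') }
    New-Object PSObject -Property @{
        Id         = $Id
        Name       = [string](Get-MbProp $site 'ServerComment')
        Running    = ([int](Get-MbProp $site 'ServerState') -eq 2)   # 2 = started
        Bindings   = @(Get-MbProp $site 'SecureBindings' | Where-Object { $_ })
        Thumbprint = $thumb
    }
}

$live = Get-SiteSslInfo $liveId
$test = Get-SiteSslInfo $testId
$problems = @()

if (-not $test.Thumbprint) {
    $problems += "Test site has no certificate assigned"
} elseif ($live.Thumbprint -ne $test.Thumbprint) {
    $problems += "Sites use different certificates: $($live.Thumbprint) vs $($test.Thumbprint)"
}

# The swap only works if the test site listens on the live site's SSL binding
$shared = @($live.Bindings | Where-Object { $test.Bindings -contains $_ })
if ($shared.Count -eq 0) { $problems += "No SSL binding in common between the two sites" }

# The assigned certificate must still be in the machine store, with its key, and in date
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $test.Thumbprint }
if (-not $cert)                         { $problems += "Certificate not found in LocalMachine\My" }
elseif (-not $cert.HasPrivateKey)       { $problems += "Certificate has no private key" }
elseif ($cert.NotAfter -lt (Get-Date))  { $problems += "Certificate expired on $($cert.NotAfter)" }

"Live: $($live.Name) running=$($live.Running)   Test: $($test.Name) running=$($test.Running)"
if ($problems.Count) { $problems | ForEach-Object { "PROBLEM: $_" } } else { "OK to swap" }
```

Running it again after the swap should show the same thumbprint with the running flags reversed.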

From: Dooza on
On 22/07/2010 13:28, Dan wrote:
> It should only take you 20 seconds or so to swap them over, do you
> really need to go to the trouble of having an intermediate maintenance
> page too?
>
> Also, you could assign the same certificate to both the live and the
> test site (IIS will happily let you use the same certificate on multiple
> sites), and set the host headers and SSL port to the same on both
> (obviously while the test site is stopped of course, as otherwise it
> will conflict with the current site!), then stop the current site and
> start the test site - you should be able to get down time to no more
> than a second or so, at least no more than it would be if you were
> stopping and starting sites in your method above.

Hi Dan, that sounds good, but I am not sure how I get the same
certificate on both sites. Can you explain it to me?

Cheers,

Steve