Monday, July 16, 2012

SSL certificate renewal 1024-bit to 2048-bit

So I needed to renew an SSL web certificate that was purchased a few years ago using a 1024-bit RSA key. The problem is that I can't simply renew the current certificate, because of the 2048-bit minimum now imposed by all CAs, and I can't create a new CSR for my site while it is live with the existing SSL certificate. Some quick research shows that creating a temp site to generate the new CSR works best, with very minimal downtime. This was performed on a Windows 2003 Server running IIS6.

Thawte's notes on the move to 2048.

1.  Create a temp site in IIS (make sure it is stopped).

2.  On the temp site, right click > Properties > Directory Security > Server Certificate.

3.  Select Create a new certificate.

4.  Select Prepare the request now, but send it later.

5.  Enter a name for the new certificate and select a bit length of 2048.

6.  Organization and Organizational unit - keep the defaults.

7.  Common name = FQDN for your site (i.e. secure.somedomain.com).

8.  Enter geographical information.

9.  Enter a path for the CSR.

10.  Confirm the settings, click Next, then Finish.

11.  Renew the certificate by submitting this CSR to your CA.

12.  Once the CA approves and issues your certificate, download it to a local drive.

13.  Right click the temp site created earlier > Properties > Directory Security > Server Certificate > Process the pending request and install the certificate.

14.  Browse to the path where you saved the certificate.

15.  Leave the default SSL port.

16.  Verify the information on the Certificate Summary screen.

17.  Click Finish.

18.  Use the View Certificate button to confirm the certificate installation was successful.

19.  Now, in order to move this certificate to the real site, open the Directory Security tab of the real web site.

20.  Click Server Certificate, followed by Replace the current certificate.

21.  Select the certificate that was previously installed to the temp site.

22.  Confirm the details and click Finish.

23.  Check your CA vendor's documentation to see if any intermediate CA certificates need to be installed.

24.  Delete the temp site created in Step 1.

25.  Done!
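As an added check that is not part of the original post: the IIS wizard gives no easy way to confirm the key size it actually used, so the script below uses openssl to read the RSA key length out of the CSR from step 9 or the issued certificate from step 12, flags anything under 2048 bits, and (after step 22) pulls what the live site serves to confirm both the key size and that the chain verifies, which catches a missing intermediate from step 23. The hostname and file names are constructed placeholders, and the command-line CSR generation is shown only as the equivalent of steps 3-9.

```shell
#!/bin/sh
# Added example, not code from the original post. Requires openssl on PATH.
# Hostname secure.somedomain.com and all file names are constructed placeholders.

# Print the RSA key size (bits) of a PEM file: a CSR (step 9) or a certificate (step 12).
# The sed pattern matches both "Public-Key: (2048 bit)" and "RSA Public-Key: (2048 bit)".
rsa_bits() {
    if grep -q 'CERTIFICATE REQUEST' "$1"; then
        openssl req -in "$1" -noout -text 2>/dev/null
    else
        openssl x509 -in "$1" -noout -text 2>/dev/null
    fi | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# "OK" when the key meets the 2048-bit minimum the CAs require, "WEAK" otherwise
# (including unreadable files, which yield no key size at all).
check_pem() {
    bits=$(rsa_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ] && echo OK || echo WEAK
}

# Command-line equivalent of steps 3-9: a fresh 2048-bit key and a CSR for the FQDN.
make_csr() {  # $1 = key file, $2 = CSR file, $3 = common name (FQDN)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" -subj "/CN=$3" 2>/dev/null
}

# After step 22: fetch the certificate the live site actually serves and report its
# key size plus the chain verification result ("0 (ok)" means the intermediates from
# step 23 are in place). Needs network access, so it is not exercised in the demo below.
live_check() {  # $1 = FQDN
    out=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null)
    printf '%s\n' "$out" | openssl x509 -noout -text 2>/dev/null \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/Served key: \1 bits/p'
    printf '%s\n' "$out" | sed -n 's/^ *Verify return code: /Chain: /p'
}

# Demo on constructed files in a temporary directory.
tmp=$(mktemp -d)
make_csr "$tmp/secure.key" "$tmp/secure.csr" secure.somedomain.com
echo "CSR key: $(rsa_bits "$tmp/secure.csr") bits -> $(check_pem "$tmp/secure.csr")"
rm -rf "$tmp"
```

Run `live_check secure.somedomain.com` (substituting your own FQDN) once the certificate is on the real site; anything other than "0 (ok)" on the Chain line means a client will not be able to build the path to the root.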
