The replacement Alpha SSL certificate came as a plain text email, to save as a .crt file and import. Loaded the MMC, added the Certificates option to manage the Local Computer certificate store, and easily imported into the Personal section. From there, head to IIS Manager > Default Website > Properties > Directory Security > Server Certificate and change to the updated certificate.
Easy enough. However, on SBS 2003 Premium, running ISA Server as the firewall, you also need to update the certificate in the ISA Outlook web publishing rule. Right-click on the rule > Properties > Listener > Properties > Preferences > SSL > Select
But the new certificate doesn't appear on the list. That's because it needs to be in PFX format, which also includes the private key. This comes from the original certificate request. If you try to export that certificate in PFX format, the option is greyed out, because the private key is missing. There's a quick and easy way to fix the certificate, which doesn't involve exporting or trying to recombine the certificate and key with openssl (yes, tried all that!).
Look at the new certificate details and find the serial number - it should be something like a 36-character hex number. Now start a CMD prompt and use the command
certutil -repairstore my "serialno"
Then go back to ISA to change the certificate attached to the web publishing rule listener and your new certificate should be on the list.
(I also did a restart of IIS Admin service - not sure whether that was required or not - let me know in the comments below)
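The same check-and-repair step as a PowerShell script, added here as an example and not part of the original post. It assumes PowerShell is installed on the server and is run as an administrator on the machine that generated the original request; the serial number is a placeholder and `Get-PersonalCert` is a helper name made up for this example.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session on the server that generated the original certificate request.

# Placeholder: paste the serial number from the new certificate's Details tab.
$Serial = '<serial-number-of-new-certificate>'

function Get-PersonalCert {
    param([string]$SerialNumber)
    # Cert:\LocalMachine\My is the Local Computer "Personal" store.
    # Normalise spaces and case so a value copied from the GUI still matches.
    $wanted = ($SerialNumber -replace '\s', '').ToUpper()
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber.ToUpper() -eq $wanted } |
        Select-Object -First 1
}

$cert = Get-PersonalCert $Serial
if (-not $cert) {
    Write-Host "No certificate with serial $Serial in LocalMachine\My - import the .crt first."
    exit 1
}

if ($cert.HasPrivateKey) {
    # Nothing to repair: the key is already associated with this certificate.
    Write-Host "Private key already linked: $($cert.Subject)"
    exit 0
}

# Same command as in the post: re-associates the certificate with the private
# key left on this machine by the original request.
& certutil.exe -repairstore my $Serial
if ($LASTEXITCODE -ne 0) {
    Write-Host "certutil failed (exit code $LASTEXITCODE); the key may not exist on this server."
    exit 1
}

# Re-read the store and confirm the key is now linked.
$cert = Get-PersonalCert $Serial
Write-Host "HasPrivateKey after repair: $($cert.HasPrivateKey)"
```

If the last line still reports False, the private key from the original request is not on this machine, and the repair cannot succeed there.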
1 comment:
Thank you, this step was really helpful when I needed my 123reg wildcard certificate to work in iis.