Installing Certificate on IIS when you already have one January 20, 2011

Another awesome post I want to keep track of:

(Original link:  http://serverfault.com/questions/30440/replace-old-ssl-certificate-in-iis6)

I’ve tried to do the renewal-based-on-existing-cert thing before, and it’s always resulted in a bit of a mess (it’s been with Verisign in my case, but I can’t imagine Thawte’s process works much better, although I’m fully prepared to blame my own SSL ignorance at the time). Anyway, the way round this that we worked out is to:

Create a temprary site in IIS. Call it “SSL renewal” or something – it’s never going to see the Internet, so it doesn’t really matter.

Generate a CSR for the new site, using EXACTLY the same parameters as you did for your real site’s cert; site name, org. info, key length, everything.

Go through Thawte’s renewal process, supplying the shiny new CSR that you generated.

When you get the signed response back, process and install it on the temp. site. The certificate is now in the local computer account’s cert store, so it can be seen by IIS – see where we’re going with this?

Now that the new cert’s installed, go into the real site’s SSL properties and select “replace the current certificate”. In the list of certificates to use, you should see your new one. Select it, and you’re done. Feel free to delete the old one afterwards, and don’t forget to back up your certificate and private key!

 

Edit ApplicationHost.config June 10, 2010

From: http://technet.microsoft.com/en-us/library/cc735123(WS.10).aspx 

Edit application host history configuration

To change the application host history settings, edit the configHistory section in the ApplicationHost.config file.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To edit the configHistory section in the ApplicationHost.config file:

1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. Change to the directory %Windir%\system32\inetsrv.
3. Type appcmd add backup backupName to back up the ApplicationHost.config file.A directory with the backup name that you specify will be created under the %Windir%\system32\inetsrv\backup directory. If you do not specify a name, appcmd will generate a directory name automatically using the current date and time.
4. Change the directory to %Windir%\system32\inetsrv\config.
5. Type notepad ApplicationHost.config.
6. In notepad, search for the configHistory section under the system.applicationHost section.
7. Use the article IIS 7.0: configHistory Element (IIS Settings Schema) as a reference to return the configHistory section settings to a well-known state.
8. Save and close the ApplicationHost.config file.