Thursday, February 3, 2011

same SSL certificate in two servers

I want to add same ssl certificate in two servers. They boath use same domain. In first server works ok but when i add certificate in second one everything is ok but when i close IIS and check back again in Server Certificates List certificate dissaper.

I google and read forums but i can not fins solution why certificate dissapears.

From serverfault senzacionale

  • Which version of IIS? Is it the same on both servers?

    What format is your certificate saved in?

    Are you trying to import it using the same procedure on both servers, or are you trying to export it from one server to the other?

    Is this the only certificate you're using on both servers?

    Do those servers only have one web site, or multiple ones?

    senzacionale : problem was with private key and format. Thx
    From Massimo

  • The SSL certificates that I've installed have all been machine specific, meaning the certificate is paired with the fully qualified domain namd FQDN. The certificate will only work on that specific server.

    I believe you can purchase domain specific SSL certificates that will work on any computer inside a specific domain.

    I would suggest checking to see if this is the issue you are having.

    Kara Marfia : Yes, you'll need a different certificate for each server or a wildcard (domain) certificate.
    From Aaron

  • Maybe I'm missing something. In my understanding, an SSL cert is FQDN specific, not machine specific (although maybe there is a type of SSL certificate that is machine specific) and that you could export the cert from one server in pfx format and import it to another server, which is what I've done with my primary and standby Exchange servers for the past 5 years.

    senzacionale : if i export ssl certificate with private key and save it like .pfx and import it in mmc.exe then start working. Thx for idea.
    joeqwerty : Glad to help. If anyone knows if I've gone wrong with this from a technical or EULA\Legal standpoint, please chime in.
    Olaf : I'm not aware of a cert that is machine specific - it can't be: It certifies the authenticity of the private key in combination with the FQDN. Once the private key is known to another machine, this machine can - under the same FQDN - operate with the same key and the same certificate without problems.
    Olaf : whoops - your comments crossed paths with mine. If your cert vendor has any restrictions on how to use their cert is a different thing. Nothing to answer here - look at the terms and conditions of your vendor that apply to your specific situation/contract
    joeqwerty : Thanks Olaf....
    From joeqwerty
Posted by Mu Cat at 8:50 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)