
Wednesday, 2 November 2011

CSR Invalid: The CSR does not contain a valid two-letter country code ("CSR Ongeldig: In de CSR is geen geldige twee-letterige landcode opgenomen")

I got this error message when I wanted to request a certificate for a customer's Windows 2003 Small Business Server.

This server's website already had a self-signed certificate, and the CSR I created for it was generated on the basis of that self-signed certificate, which apparently caused the error message above.

The easiest way to fix this problem is to remove the current self-signed certificate and generate a new CSR.

In some cases, however, this solution is not desirable, because the site is then not protected by SSL until the new certificate has been installed. To work around that, you can temporarily create a new site and generate the CSR on that site, as explained in the text below:




How to create a CSR without removing your current certificate in IIS
The renewal request option within IIS 5.x or better does not create a request in a PKCS10 format. It throws an invalid country code in there (QC for Quebec). IIS 5.x or better does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option, since your site will not be able to run an SSL session while your certificate is being processed. To obtain a certificate for your existing web site, you will have to do the following.

Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.
2. Create another Temporary site within IIS (this does not have to be a functional site, see Related Items).
3. Enter Properties for the newly created Temporary site, then go to the Server Certificate button (Certificate Wizard) to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.
4. Install this certificate into your new Temporary site; process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your Temporary web site.
5. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.
6. Make sure you bind the web site to a unique IP address at https Port 443, then Stop and then Start your web site. Your new certificate should be installed.
7. Now delete the new Temporary site!
8. When convenient, go into your MMC console (with Certificate snap-in for the local computer added) and delete the old certificate. (Optional step: you may leave this certificate on the server if you wish.)
9. Export the certificate with the private key in PFX format through the MMC (Right Click on the certificate, select "All tasks" then select "export". Do make sure you export with the private key!)
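
Since the rejection described above comes from the country field inside the request, the CSR file can be checked locally before it is submitted. The following is an added example, not part of the original post or of the quoted instructions: it reads the subject of a PEM or DER PKCS#10 request and validates its `C=` value. The names `csr_country`, `check_country` and `SAMPLE` are hypothetical, the sample request is constructed, and the use of the ISO 3166-1 alpha-2 list as the CA's criterion is an assumption.

```python
import base64
import re

# ISO 3166-1 alpha-2 as "first letter:second letters" (assumption: the CA checks C= against it).
_PACKED = ("A:DEFGILMOQRSTUWXZ B:ABDEFGHIJLMNOQRSTVWYZ C:ACDFGHIKLMNORUVWXYZ D:EJKMOZ "
           "E:CEGHRST F:IJKMOR G:ABDEFGHILMNPQRSTUWY H:KMNRTU I:DELMNOQRST J:EMOP "
           "K:EGHIMNPRWYZ L:ABCIKRSTUVY M:ACDEFGHKLMNOPQRSTUVWXYZ N:ACEFGILOPRUZ O:M "
           "P:AEFGHKLMNRSTWY Q:A R:EOSUW S:ABCDEGHIJKLMNORSTVXYZ T:CDFGHJKLMNORTVWZ "
           "U:AGMSYZ V:ACEGINU W:FS Y:ET Z:AMW")
ISO_3166 = {a + b for a, bs in (g.split(":") for g in _PACKED.split()) for b in bs}
# Constructed, unsigned stand-in for a request (C=QC, CN=www.example.com); key and signature are empty.
SAMPLE = bytes.fromhex("30373030020100" "3027" "310b30090603550406" "13025143"
                       "311830160603550403130f7777772e6578616d706c652e636f6d3000a0003000030100")

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # yields the content bytes of each element in a constructed value
    pos = 0
    while pos < len(content):
        _, value, pos = tlv(content, pos)
        yield value

def csr_country(csr):
    """Return the subject C= value of a PEM or DER PKCS#10 request, or None."""
    if b"-----BEGIN" in csr:  # strip the PEM armor lines and whitespace, then decode
        csr = base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", csr))
    info = tlv(tlv(csr, 0)[1], 0)[1]         # CertificationRequest -> CertificationRequestInfo
    subject = list(children(info))[1]        # fields: version, subject, key, attributes
    for rdn in children(subject):            # each RDN is a SET of attributes
        for atv in children(rdn):            # AttributeTypeAndValue: OID, then value
            oid, value = list(children(atv))[:2]
            if oid == b"\x55\x04\x06":       # 2.5.4.6 countryName
                return value.decode("ascii", "replace")
    return None

def check_country(csr):
    """Return 'ok', 'missing' or 'invalid: <value>' for the request's C= field."""
    country = csr_country(csr)
    if country is None:
        return "missing"
    return "ok" if country in ISO_3166 else "invalid: %r" % country
```

To check a real request, pass the bytes of the file saved by the Certificate Wizard to `check_country`.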
