Replacing an SBS’s expired SSL certificate with a brand new one for the same host name

Replacing an SBS’s expired SSL certificate with a brand new one for the same host name

Problem: The SSL certificate for mail.myclient.com expired. The certificate had been purchased from GoDaddy and was installed on the server by a former network admin. No one had any idea whose GoDaddy account had been used originally, and GoDaddy couldn’t tell us for security reasons. So there was no easy way to renew the certificate. We thought that trying to renew the certificate using a different GoDaddy account might lead to problems, so we decided to purchase and install a brand new certificate.

Unexpected difficulty: I tried to follow the excellent instructions for installing a public 3rd-party SSL certificate on IIS on SBS 2003 at the Official SBS Blog. But in step 5 of those instructions, you are told to “select a Host Header value for this Web site that does not conflict with existing sites.” In the example they provide, they set the Host Header equal to the FQDN of the server: mail.contoso.com. In my case, though, the Host Header “mail.myclient.com” did conflict with an existing site — the one with the expired SSL certificate. So I got an error message when I tried to create the site (step 6).

Solution: The name of the temporary web site and its Host Header value do not need to match the FQDN of the server. I ended up creating a web site called Temp Cert Request with a Host Header of tempcertrequest.myclient.com. I used that web site to generate the CSR request, making sure to put mail.myclient.com in as the common name in the wizard (step 11). I used “2008 mail.myclient.com” as the Friendly Name (step 9) just to make sure I knew which certificate was which.

Thanks to Andy Harper and David Houston for assuring me that I didn’t need to worry about matching Host Header with FQDN.

Share
Posted in All, SBS, Software, Technology, Windows Mobile + PPC on Jun 13th, 2008, 2:11 pm by David Schrag   

No comments yet. Be the first.

Leave a reply