Certificate Question
| I'm about to migrate a Verisign certificate from our existing Ex2k OWA
server to a new Ex2k3 OWA server. My question is this: Does the server name
need to stay the same for the cert to be valid? Verisign says:
"VeriSign Server IDs can only be used on Web servers using the Common Name
specified during enrollment. For example, a Server ID for the domain
"domain.com" will receive a warning if accessing a site named
"www.domain.com" or "secure.domain.com", because "www.domain.com" and
"secure.domain.com" are different from "domain.com".
It doesn't look like there's any way around this, but I'm new to the SSL game
and I might be missing something. Do I need a new cert from Verisign?
Any help is appreciated.
jim
| |
|
| Jim,
Your Verisign certificate will function with the new server, but users will
receive a message stating that "The name on the security Certificate is
invalid or does not match the name of the site".
It's up to you, I guess, whether this is important. Personally I would
recommend you get a new certificate or keep the same name.
hth
"jim" <jim@NOSPAM.com> wrote in message
news:uDuUwFvhFHA.3608@TK2MSFTNGP12.phx.gbl...
> I'm about to migrate a Verisign certificate from our existing Ex2k OWA
> server to a new Ex2k3 OWA server. My question is this: Does the server
> name need to stay the same for the cert to be valid? Verisign says:
>
> "VeriSign Server IDs can only be used on Web servers using the Common Name
> specified during enrollment. For example, a Server ID for the domain
> "domain.com" will receive a warning if accessing a site named
> "www.domain.com" or "secure.domain.com", because "www.domain.com" and
> "secure.domain.com" are different from "domain.com".
>
> It doesn't look like there's any way around this, but I'm new to the SSL
> game and I might be missing something. Do I need a new cert from
> Verisign?
>
> Any help is appreciated.
>
> jim
>
| |
| Brian Edwards 2005-07-12, 5:56 pm |
| Yes, you will need to revoke the current certificate and request a new one
for the new server's name. The only way around that is to rename the new
server with the old server's name.
"jim" wrote:
> I'm about to migrate a Verisign certificate from our existing Ex2k OWA
> server to a new Ex2k3 OWA server. My question is this: Does the server name
> need to stay the same for the cert to be valid? Verisign says:
>
> "VeriSign Server IDs can only be used on Web servers using the Common Name
> specified during enrollment. For example, a Server ID for the domain
> "domain.com" will receive a warning if accessing a site named
> "www.domain.com" or "secure.domain.com", because "www.domain.com" and
> "secure.domain.com" are different from "domain.com".
>
> It doesn't look like there's any way around this, but I'm new to the SSL game
> and I might be missing something. Do I need a new cert from Verisign?
>
> Any help is appreciated.
>
> jim
>
>
>
| |
| Ed Crowley [MVP] 2005-07-12, 5:56 pm |
| If your cert is for the web site name, not the server name, you can export
the certificate and import it on the other server and your web site visitors
will get no warnings. You could use the cert on the new server if you still
use the old URL but it points to the new server via a CNAME record, for
example.
By the way, if you're just publishing OWA for your own users using SSL, and
you're not using the cert to prove your web site's own identity to
strangers, then there's no reason you can't have your own CA and issue your
own certs. All you'll have to do is have your own users add your CA as a
trusted root.
--
Ed Crowley
Celebrating a decade of Exchange peer support
"jim" <jim@NOSPAM.com> wrote in message
news:uDuUwFvhFHA.3608@TK2MSFTNGP12.phx.gbl...
> I'm about to migrate a Verisign certificate from our existing Ex2k OWA
> server to a new Ex2k3 OWA server. My question is this: Does the server
> name need to stay the same for the cert to be valid? Verisign says:
>
> "VeriSign Server IDs can only be used on Web servers using the Common Name
> specified during enrollment. For example, a Server ID for the domain
> "domain.com" will receive a warning if accessing a site named
> "www.domain.com" or "secure.domain.com", because "www.domain.com" and
> "secure.domain.com" are different from "domain.com".
>
> It doesn't look like there's any way around this, but I'm new to the SSL
> game and I might be missing something. Do I need a new cert from
> Verisign?
>
> Any help is appreciated.
>
> jim
>
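The name check discussed in the replies above, as an added example that is not part of the original thread: the client compares the host in the URL with the names in the certificate, so the machine name of the server holding the certificate, and any CNAME used to reach it, play no part. All host, machine and certificate names are constructed, and the wildcard handling goes beyond the exact-match case the thread describes.

```python
# Added example. All host, machine and certificate names below are constructed.

def cert_matches_host(cert_names, url_host):
    """Return True if url_host is covered by one of the certificate's names."""
    host = url_host.rstrip(".").lower()
    for name in cert_names:
        name = name.rstrip(".").lower()
        if name == host:
            return True
        # Generalization: "*.example.com" covers exactly one extra left-most label.
        if name.startswith("*."):
            suffix = name[1:]                      # ".example.com"
            left = host[:-len(suffix)] if host.endswith(suffix) else ""
            if left and "." not in left:
                return True
    return False


def migration_report(cert_names, scenarios):
    """Map each scenario label to 'ok' or 'name mismatch warning'.

    Each scenario is (label, url_host, machine_name). machine_name is carried
    only to show that it takes no part in the check.
    """
    report = {}
    for label, url_host, _machine_name in scenarios:
        ok = cert_matches_host(cert_names, url_host)
        report[label] = "ok" if ok else "name mismatch warning"
    return report


# Constructed migration: the certificate was issued for the site name.
SCENARIOS = [
    ("old server, site URL", "mail.example.com", "EX2K-OWA"),
    ("new server, same site URL", "mail.example.com", "EX2K3-OWA"),
    ("new server, browsed by machine name", "ex2k3-owa.example.com", "EX2K3-OWA"),
]

if __name__ == "__main__":
    for label, result in migration_report(["mail.example.com"], SCENARIOS).items():
        print(f"{label}: {result}")
    # The vendor's example quoted in the thread: cert for domain.com, site www.domain.com.
    print(cert_matches_host(["domain.com"], "www.domain.com"))
```
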