|
Home > Archive > IIS Server Security > September 2005 > Can I share a Web Server certificate by export with provate key and import to another
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Can I share a Web Server certificate by export with provate key and import to another
|
|
| Norman George 2005-09-29, 6:00 pm |
| Hi,
I have two IIS server at two location , all having the same content . If I
have a certificate on Server A , can I export both the certificate and its
private key and re-import to Server B ? In other words , can I share a web
server certificate ?
Norman
| |
| Brian Komar [MVP] 2005-09-29, 8:49 pm |
| Is the certificate from an internal CA (owned by your company). If yes,
you can do this (export is enabled by default), but it does not get you
anything.
Any encryption for SSL is performed with a symmetric key generated for
the SSL session, protected by the Web server's SSL certificate. Even if
you do clustering or NLBS, if you do fail over, you will have to
establish a new SSL session.
If the certificate is from a commercial provider, I doubt that the CA
provider allows for this in the small print you read (lol) when you
requested the certificate
Brian
In article <eGIM4rRxFHA.2232@TK2MSFTNGP11.phx.gbl>,
ngeorge@microsoft.discussion.com says...
> Hi,
>
> I have two IIS server at two location , all having the same content . If I
> have a certificate on Server A , can I export both the certificate and its
> private key and re-import to Server B ? In other words , can I share a web
> server certificate ?
>
> Norman
>
>
>
| |
| Norman 2005-09-29, 8:49 pm |
| Thanks Brian- you answered everything that I want to know - appreciated !!
"Brian Komar [MVP]" <bkomar@nospam.identit.ca> wrote in message
news:MPG.1da630027bdcec79896b1@msnews.microsoft.com...[vbcol=seagreen]
> Is the certificate from an internal CA (owned by your company). If yes,
> you can do this (export is enabled by default), but it does not get you
> anything.
> Any encryption for SSL is performed with a symmetric key generated for
> the SSL session, protected by the Web server's SSL certificate. Even if
> you do clustering or NLBS, if you do fail over, you will have to
> establish a new SSL session.
> If the certificate is from a commercial provider, I doubt that the CA
> provider allows for this in the small print you read (lol) when you
> requested the certificate
>
> Brian
>
> In article <eGIM4rRxFHA.2232@TK2MSFTNGP11.phx.gbl>,
> ngeorge@microsoft.discussion.com says...
|
|
|
|
|