SSL Certificate over multiple servers

TheMSsForum.com: The Microsoft Software Forum

Can anyone advise!

I wish to run an SSL secure site over multiple web
servers. I generated an CSR on one web server and
received the certificate back from verisign and installed
on this server. I then backed up the cert & private key
and imported this into the other servers. When I open
the certificate MMC snapin and view the certificate it
displays "This Certificate has expired or is not yet
Valid" and this is the same for all servers I have
imported the Cert into. The original server Certificate
is fine/valid.

can anyone point me as to where I am going wrong with
this Implementation!!

The setup is W2k IIS5, these servers run multiple site
but this is the only SSL site setup.

Many Thanks!!
Top

Re: SSL Certificate over multiple servers by Andrey

Andrey
Mon May 10 12:21:43 CDT 2004

John Noel wrote:

> Can anyone advise!
>
> I wish to run an SSL secure site over multiple web
> servers. I generated an CSR on one web server and
> received the certificate back from verisign and installed
> on this server. I then backed up the cert & private key
> and imported this into the other servers. When I open
> the certificate MMC snapin and view the certificate it
> displays "This Certificate has expired or is not yet
> Valid" and this is the same for all servers I have
> imported the Cert into. The original server Certificate
> is fine/valid.
>
> can anyone point me as to where I am going wrong with
> this Implementation!!
>
> The setup is W2k IIS5, these servers run multiple site
> but this is the only SSL site setup.
>
> Many Thanks!!

Are you browsing another ssl sites via a different URL ? If yes - alas,
that's a behavior by design. Cert is issued per a URL. In other words,
if you purchased a cert for https://www.domain.name, you will receive a
security prompt trying to use it with https://www2.domain.name.

Solution:

1. To run a few web servers in a Network Load Balance mode (all Web
sites are responding on the same name)

2. To purchase a so-called "wild-card" certificate, which would be valid
for anything looks like https://*.domain.name

-Andrey
Top

RE: SSL Certificate over multiple servers by yonlinemanghn

yonlinemanghn
Thu May 20 20:20:38 CDT 2004

Hello,
It could be possible that the other servers do not have the intermediate
certificates installed or have old/expired intermediate certificates. If
you look at the Certification path in the properties dialog for this new
certificate, do you see any errors?
You might want to try running SSLDiag after binding the new certificate to
a site and checking the log for any errors.
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-
83d4-06c814265282&DisplayLang=en
If you like, you can post the ssldiag output here for reviewal.
Hope this helps!

Thanks,
Yogita Manghnani
Microsoft Developer Support
Internet Information Server

*********************************************************************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

© 2003 Microsoft Corporation. All rights reserved.
*********************************************************************

Top