Category Archives: IIS
A custom (non-paid) certificate is about to expire and you are afraid that your web clients won't be able to log in, or will have problems logging in, because of that expiration?
A great example of this would be OWA (Outlook Web Access) certificate renewal.
1. Go to your IIS web server.
2. Right-click the website that has the expiring certificate and click Properties.
3. Click on the Directory Security tab, then on Server Certificate, and click Next.
4. Click on "Renew the current Certificate" and then on "Prepare the request now, but send it later".
5. The wizard will save the certificate request to a file on your drive (c:\certreq.txt).
6. After the wizard finishes you should fire up your certificate authority web site. IE is recommended for this job!
7. Click on the Request a Certificate link and then on "advanced certificate request".
8. Click on the second link saying:
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Browse for a file to insert (take the file you created with your certificate request in step 5). If your IE has its security settings enabled then you may just copy and paste the contents of the txt file created in step 5.
REMEMBER!!! Certificate template should be "Web Server"
Click on Submit at the bottom right.
9. Download the certificate that was created and, in case you need it in the future, its chain as well.
10. Go back to your IIS, which is waiting for the renewal. Repeat steps 2 and 3 in order to go back to the Security > Certificates configuration.
11. This time the server is waiting for the certificate you created and downloaded in step 9.
12. Proceed with submitting the certificate.
13. Export the certificate in pfx format directly from your IIS using the appropriate button in the Certificate Wizard. You will need this in order to publish this certificate again on your firewall/ISA/TMG.
There may be an ISA or other firewall in front of your web server that does the initial "talking" with your external clients. In that case you need to install this certificate (step 13) on the "talker".
In case of an ISA/TMG:
14. Launch mmc > Add Certificates > LOCAL COMPUTER
15. Remove all old expiring certs from your Personal directory.
16. Import the new pfx file (step 13).
17. Check your OWA publishing rule: in the SSL/https Web listener, change the certificate.
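One way to confirm that steps 14 to 17 took effect, as an added example that is not part of the original post: the PowerShell below reads the certificate the published listener actually serves and compares it with the Local Computer Personal store, flagging leftover certificates with the same subject. The host name `owa.example.com`, the function names and the 30-day threshold are assumptions; PowerShell 3.0 or later is assumed.

```powershell
# Added example. owa.example.com is a placeholder host; requires PowerShell 3.0+.
function Get-ServedCertificate {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect the served
        # certificate (even an expired one), not to trust the connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $ch, $e) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-RenewedCertificate {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443, [int]$WarnDays = 30)
    $served = Get-ServedCertificate -HostName $HostName -Port $Port
    $store  = @(Get-ChildItem Cert:\LocalMachine\My)
    # The served certificate as it exists in the Local Computer Personal store.
    $match  = @($store | Where-Object { $_.Thumbprint -eq $served.Thumbprint })
    # Older certificates with the same subject still in the store (step 15 removes these).
    $stale  = @($store | Where-Object {
        $_.Subject -eq $served.Subject -and $_.Thumbprint -ne $served.Thumbprint
    })
    $daysLeft = [math]::Floor(($served.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject          = $served.Subject
        Thumbprint       = $served.Thumbprint
        NotAfter         = $served.NotAfter
        DaysLeft         = $daysLeft
        ExpiringSoon     = $daysLeft -lt $WarnDays
        InLocalStore     = $match.Count -gt 0
        HasPrivateKey    = @($match | Where-Object { $_.HasPrivateKey }).Count -gt 0
        StaleThumbprints = $stale | ForEach-Object { $_.Thumbprint }
    }
}

# Usage, run on the ISA/TMG or IIS server (replace the placeholder host):
# Test-RenewedCertificate -HostName 'owa.example.com'
```

If `ExpiringSoon` is still true after the renewal, the listener is still bound to the old certificate; `InLocalStore` with `HasPrivateKey` false means the certificate was imported without the private key from the pfx.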
Have a nice day 🙂
The idea that users are too bored to type the full address of the website they want to visit into their browser's address bar led to another IT "headache". Actually this is not too difficult to implement.
The first step is to go to your DNS server, choose the zone you like (domain.com) and add a host (A) record, where you simply LEAVE BLANK the "name (uses parent domain name if blank)" field. Do not forget to add the IP address of your web server, otherwise the name will not resolve. This way you produce an A record for plain "domain.com" with no text in front.
After doing this, do not forget to go to your web server and edit your bindings. If you don't have bindings enabled then you should add the plain "domain.com" with no www in front. Editing the v-hosts does the same job on non-MS web servers.
The same actions should be taken if you use publishing and routing on your firewall.
Till next time….bb