Thursday, July 09, 2009

One from the coal face

Myself: We've been running the auction site for years and the SSL key is still only 512. When renewing the certificate on IIS, how can I increase my CSR key size in IIS 6 without removing my existing certificate?

Prodnose: When you renew a certificate the CSR that is created will retain all of the exact details that were set when the certificate was first set up. This includes the key size of the certificate. You can't remove the existing certificate using IIS and recreate the CSR details using the Certificate Wizard because that action will take your website down on port 443 during this process.

Myself: Well, we can't do that then. Analysis please, Mr. Data.

Prodnose: You could create a 'dummy' website in IIS. This website can be a blank default. Once this has been done, you will then need to create a new CSR for that 'dummy' website, allowing you to change the key size. When you receive your certificate file, install it onto the dummy website as normal. You can now assign the certificate from the dummy website to the production website with no downtime. Once you have done this, you can simply delete the 'dummy' website.

Myself: Make it so.
