2

I generated a request from a production web server, then gave it to my boss who sent it off and then emailed me back the 4 .crt files he received.

On another server (our staging server) I installed the 3 root certs and 1 intermediate cert using mmc. Now I need to add an https binding that uses this SSL certificate but I'm not sure how to get it to show up in the drop down. From what little I know, it seems to me like I need to complete the certificate request on the production server I made the request from and export the cert from there as a pfx file that I can then import into IIS on the staging server. I'm told that I shouldn't need to do that.

What is the correct way to do this?

BVernon

1 Answer

3

You do need to do that. When you create the certificate request, your computer automatically generates a mathematically related private key at the same time. This private key is associated to that exact certificate request. No one else has the private key except for the computer on which the request was generated. Those signed .crt files that you get back from the Certificate Authority do not contain the private key, and they need to be "married" to their private key back on the same machine on which the original request was generated.

Ryan Ries
  • Thanks. So I completed the request in production and then exported the pfx and imported that into our staging server. Then I selected it as the cert to use when creating the https binding to our website but when navigating to the site I now get a "The security certificate presented by this website was issued for a different website's address". It's a wildcard cert. Assuming the request had the correct name on it, is there anything else that comes to mind that could be causing this problem? – BVernon Oct 23 '14 at 21:25
  • So... what is the subject listed on the certificate, and what is the fully qualified name by which you are accessing the site? – Ryan Ries Oct 23 '14 at 21:32
  • Subject has *.oursite.com. The website on the staging server is www.mo.oursite.com. Surely the ".mo" wouldn't be throwing it off? – BVernon Oct 24 '14 at 14:14
  • Yes it will. Wildcard certs cover only a single subdomain. So for instance, www.oursite.com would be OK, but www.anotherdomain.oursite.com would not be OK. Sorry! – Ryan Ries Oct 24 '14 at 14:56
  • Ah... ok, thanks. Guess we'll probably just have to make our own for QA and development then. – BVernon Oct 24 '14 at 19:46
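
The single-label wildcard rule from the comments above, as an added example (not code from the original thread): a small matcher that follows the common RFC 6125 rules and is run against the two host names mentioned in the discussion. The function names and the extra sample hosts are assumptions made for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name pattern covers hostname.

    Comparison is case-insensitive, and "*" is honoured only as the whole
    left-most label, where it stands for exactly one DNS label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # A wildcard never spans a dot, so both names need the same label count.
    if len(p_labels) != len(h_labels):
        return False
    # Reject empty labels such as ".oursite.com" or "www..oursite.com".
    if any(not label for label in h_labels):
        return False

    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is only valid in the left-most label
    if first == "*":
        return rest == h_labels[1:]
    if "*" in first:
        return False  # partial wildcards like "w*" are refused in this sketch
    return p_labels == h_labels


def covering_wildcard(hostname: str) -> str:
    """Return the wildcard name that would cover hostname (one level up)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(["*"] + labels[1:])


# Constructed sample data, using the names quoted in the thread.
CERT_NAMES = ["*.oursite.com"]
HOSTS = ["www.oursite.com", "www.mo.oursite.com", "oursite.com"]

if __name__ == "__main__":
    for host in HOSTS:
        ok = any(wildcard_matches(name, host) for name in CERT_NAMES)
        hint = "" if ok else f"  (needs e.g. {covering_wildcard(host)})"
        print(f"{host:22} covered={ok}{hint}")
```

The bare domain is also not covered by the wildcard, which is why certificates commonly list it as a separate subject alternative name.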