Re: IIS6 Transfer SSL from site to site on same box

"Dooza" <steveNO@xxxxxxxxxxxxx> wrote in message news:usLA$7XKLHA.4780@xxxxxxxxxxxxxxxxxxxxxxx
On 22/07/2010 09:31, Dan wrote:

"Dooza" <steveNO@xxxxxxxxxxxxx> wrote in message
Hi there,
I have been developing a new site on the same IIS6 box. It currently
has an SSL cert that I installed with IIS6 SelfSSL.

When I want to make my test site replace the live site I will need to
transfer the current live SSL certificate to the test site. How do I
do this?



Using the Server Certificate button on the Directory Security tab for
the sites.

In the IIS manager simply remove the SSL certificate from the current
live site using "Remove the current certificate" (it simply removes the
association, it does not delete the certificate!), then go to the test
site and using the "Assign an existing certificate" to then select the
live SSL certificate.

I've done this repeatedly over the past few years with no hiccups yet :)
When we renew certificates we tend to do so on a test site, and then
once the signed certificate is returned from the CA complete it on the
test site, check it's correct with a browser, and then swap it onto the
live site using the above procedure.

All the old certificates remain in the certificate store, you can remove
these if you want from the Certificate Manager MMC (Certificates.msc).

Hi Dan,
I didn't know it worked like this, thank you very much for the info!

So my best course of action is to have a temp site saying site closed for maintenance, stop the current site and remove SSL from current site, stop the test site and remove the SSL, change the host header on the test site to that of the current site, add the SSL and then start the test site which is now the current site.

It should only take you 20 seconds or so to swap them over, do you really need to go to the trouble of having an intermediate maintenance page too?

Also, you could assign the same certificate to both the live and the test site (IIS will happily let you use the same certificate on multiple sites), and set the host headers and SSL port to the same on both (obviously while the test site is stopped of course, as otherwise it will conflict with the current site!), then stop the current site and start the test site - you should be able to get down time to no more than a second or so, at least no more than it would be if you were stopping and starting sites in your method above.