Using a Wildcard certificate on multiple Webservers
The following advice is from Microsoft's website:
In IIS 5.0 - to use the wildcard certificate you have just installed in the original
server that made the certificate request - in other servers, you must:
- Export the certificate and private key from the original IIS server to
a Personal Information Exchange - PKCS #12 (PFX) file
- Import the certificate and private key from the Personal Information
Exchange - PKCS #12 (PFX) file - into the new server
In IIS 5.0, you can export the private key in PKCS #12 format (*.pfx), using
the certificate export wizard.
- Start the Internet Information Service
- Display the properties of the Web site.
- Click the Direct Security tab.
- Click View Certificate button.
Certificate is displayed.
- Click Details tab.
- Click Copy to File... button.
Certificate Export Wizard starts.
- Click the Next button.
Export Private Key page appears.
- Select Yes, export the private key, and click the Next
Export File Format page appears.
- Select Personal Information Exchange - PKCS #12 (PFX)
- Select Include all certificates in the certification path if possible
IMPORTANT: ensure all other check boxes are NOT checked (especially the one marked - Delete
the private key if the export is successful),
(if the private key is deleted from this server, SSL operations on this server will cease)
and click the Next button.
- Password page appears.
Enter the password if necessary, and click the Next button.
- File to Export page appears.
Enter the file name, and click the Next button.
- Completing the Certificate Export Wizard page appears.
Click the Finish button.
The certificate is exported to the file, and "The export was successful" message
To import a certificate from a pfx file, you will need the Microsoft
Management Console (MMC) & the certificates snap-in
To add Local Computer Certificate Management to a new MMC console for a local
- Click Start, click Run, type mmc, and
then click OK.
- On the Console menu, click Add/Remove Snap-in, and
then click Add.
- Under Snap-in, select the Certificates snap-in and
click on Add
- Select "this snap-in will always manage certificates for" Computer
- Select "this snap-in will always manage" Local
Computer (the computer this console is running on), and then click Finish.
- Choose "Close" in the "Available Snap-ins" window
- Click on OK in the Add/Remove Snap-in window
Now that you have access to the Certificates snap-in, you can import the
server certificate into you computer's certificate store by following these steps:
- Open the Certificates (Local Computer) snap-in and navigate to Personal,
and then Certificates.
- Right-click Certificates (or Personal if that option does not exist.)
- Choose All Tasks, and then click Import.
- When the wizard starts, click Next. Browse to the pfx file you created
containing your server certificate and private key. Click Next.
- Enter the password you gave the pfx file when you created it. Be sure the Mark the key
as exportable option is selected if you want to be able to export the key pair again from
this computer. As an added security measure, you may want to leave this option unchecked
to ensure that no one can make a backup of your private key.
- Click Next, and then choose the Certificate Store you want to save the
certificate to. You should select Personal because it is a Web server certificate. If you
included the certificates in the certification hierarchy, it will also be added to this
- Click Next. You should see a summary of screen showing what the wizard
is about to do. If this information is correct, click Finish.
- You will now see the server certificate for your Web server in the list of Personal
Certificates. It will be denoted by the common name of the server (found in the subject
section of the certificate).
To enable Internet Information Services 5.0 to use the imported certificate
(and the corresponding private key) perform the following steps:
- Open the Internet Services Manager (under Administrative Tools) and navigate to the Web
site you want to enable secure communications (SSL/TLS) on.
- Right-click on the site and click Properties.
- You should now see the properties screen for the Web site. Click the Directory
- Under the Secure Communications section, click Server
- This will start the Web Site Certificate Wizard. Click Next.
- Choose the Assign an existing certificate option and click Next.
- You will now see a screen showing that contents of your computer's personal certificate
store. Highlight your Web server certificate (denoted by the common name), and then click Next.
- You will now see a summary screen showing you all the details about the certificate you
are installing. Be sure that this information is correct or you may have problems using
SSL or TLS in HTTP communications.
- Click Next, and then click OK to exit the wizard.
You should now have an SSL/TLS-enabled Web server. Be sure to protect your pfx
files from any unauthorised personnel.
Copyright © Trustis Limited 2010. All Rights
This document is licensed for use only in conjunction with the use of Trustis Trust