locked
Can I share an SSL certificate between servers? RRS feed

  • Question

  • I understand the idea of certificates but I'm new to applying them to a server so I'm a little confused.

    Right now I have two servers:  Windows Home Server (which is really Server 2003) and Server 2008 R2.

    WHS uses IIS v6.0 and Server 2008 R2 uses IIS 7.0 but I also need the certificate for the TS Gateway running on the server.

    I have a simple ($30/year) SSL certificate from GoDaddy which verifies my server identity and it was generated from a request using IIS 6.0 (Windows Home Server) but when I add it to my Server 2008 certificates it says something about "Certificate does not contain a valid private key."

    Can I share this one certificate between both of my servers?

    Both of them are behind the same firewall/router so the outside domain/ip address is the same but the internal names are different.
    Thursday, September 10, 2009 12:01 PM

Answers

  • You'll need to import both the public (provided by godaddy) and the private (provided by WHS) keys to the 2008 machine.  It sounds to me like you might just be importing the ssl cert file from godaddy.  There's a good tutorial here http://www.digicert.com/ssl-support/pfx-import-export-iis.htm on cert import export using IIS6.

    Also check that the godaddy licensing agreement regarding securing multiple servers with the same ssl certificate permits this.

    Michael
    • Marked as answer by Vinlaen Thursday, September 10, 2009 2:06 PM
    Thursday, September 10, 2009 12:43 PM
  • How did you export the certificate from your WHS?  You need to use the certificate snap-in and export the certificate as a PFX.  When you go through the wizard, you'll need to check the box that says "export the private key" and supply a password.

    Then import the certificate back in on your 2008 server, supplying the same password.

    That should do it.
    • Marked as answer by Vinlaen Thursday, September 10, 2009 2:06 PM
    Thursday, September 10, 2009 1:11 PM

All replies

  • You'll need to import both the public (provided by godaddy) and the private (provided by WHS) keys to the 2008 machine.  It sounds to me like you might just be importing the ssl cert file from godaddy.  There's a good tutorial here http://www.digicert.com/ssl-support/pfx-import-export-iis.htm on cert import export using IIS6.

    Also check that the godaddy licensing agreement regarding securing multiple servers with the same ssl certificate permits this.

    Michael
    • Marked as answer by Vinlaen Thursday, September 10, 2009 2:06 PM
    Thursday, September 10, 2009 12:43 PM
  • How did you export the certificate from your WHS?  You need to use the certificate snap-in and export the certificate as a PFX.  When you go through the wizard, you'll need to check the box that says "export the private key" and supply a password.

    Then import the certificate back in on your 2008 server, supplying the same password.

    That should do it.
    • Marked as answer by Vinlaen Thursday, September 10, 2009 2:06 PM
    Thursday, September 10, 2009 1:11 PM
  • Thanks guys.

    I was only importing the public certificate without the private keys.  I've now gotten it to work.

    I'll have to check the GoDaddy licenseing to see what it says though...
    Thursday, September 10, 2009 2:07 PM