Wednesday, August 18, 2010

IIS 6: Installing Duplicate Certificates to Multiple IIS 6 Servers For Server Farm Implementation

Symptom:

You have more than one server hosted through a load-balanced router. The external address is assigned to (obviously) a single Fully Qualified Domain Name (FQDN). You want to install the same server certificate, representing that domain name, on all of your IIS 6 based servers.

Procedure:

First off, yes you can do this. The procedure is very clearly explained in this Microsoft article:


Just in case we lose the above article, here is the gist of how it is done.
  • Request and install the cert on the first server as you would normally do. Don't do the request from other servers; if you do, remove any pending cert requests.
  • Open the MMC and add the Certificate module.
  • Open the Computer Account, then the Personal certificate folder.
  • Navigate down to the Web Certificate you want to export.
  • Right-click it and choose Tasks, then Export.
  • In the wizard, select the option to include the Private Key and, on the next page, the option to include all certificates in the path.
  • Copy the exported result to another server.
  • Do the same MMC stuff there.
  • Import the stuff you exported into the Personal store.
  • From the IIS certificate section of Directory Security, choose "Assign an Existing Certificate".
That's basically all you need to do.
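Once the certificate is assigned on every server, it is worth confirming that each node really presents the same certificate as the first server. The following check is an added example, not part of the original post or the Microsoft article; the function names and node addresses are assumptions made for illustration. It connects to each farm node directly, bypassing the load balancer, and compares SHA-1 thumbprints, the value Windows shows in the certificate's Thumbprint field.

```python
import hashlib
import socket
import ssl


def fetch_leaf_der(node_ip, fqdn, port=443, timeout=5.0):
    """Return the DER-encoded certificate one farm node presents for fqdn."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: this check only compares the bytes
    # each node serves; it does not decide whether the certificate is trusted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((node_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            return tls.getpeercert(binary_form=True)


def thumbprint(der):
    """SHA-1 over the DER encoding, as uppercase hex."""
    return hashlib.sha1(der).hexdigest().upper()


def mismatched_nodes(node_certs, reference):
    """Nodes whose certificate differs from the reference (first) server's.

    node_certs maps a node address to the DER bytes that node served.
    """
    if reference not in node_certs:
        raise KeyError("reference node %r has no certificate entry" % reference)
    want = thumbprint(node_certs[reference])
    return sorted(n for n, der in node_certs.items() if thumbprint(der) != want)


def check_farm(fqdn, nodes, reference):
    """Fetch the certificate from every node and report the odd ones out."""
    certs = {ip: fetch_leaf_der(ip, fqdn) for ip in nodes}
    return mismatched_nodes(certs, reference)


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes so the comparison runs offline.
    # Against a real farm, call check_farm() with the back-end node addresses.
    sample = {
        "10.0.0.11": b"constructed-cert-A",  # first server (reference)
        "10.0.0.12": b"constructed-cert-A",  # imported correctly
        "10.0.0.13": b"constructed-cert-B",  # still serving a different cert
    }
    print(mismatched_nodes(sample, reference="10.0.0.11"))
```

A current Python/OpenSSL build may refuse the handshake with a server that only offers TLS 1.0 or older; a handshake error from `fetch_leaf_der` is a protocol problem, not a certificate mismatch.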


