However, I'd like to do this without downtime on the server. Is there
a way to leave the old one up and running while I request the new
certificate from the new certificate issuing authority.Unfortunately
it looks like I have to delete the old one before I can submit a
certificate request.
Is this correct?
> If you are renewing with same CA then it should not take long at all. I
> just renewed customer with Go Daddy SSL Cert and receive the cert in less
> than 3 min.
>
It wasn't a renewal, since I went with a different certificate
authority. I switched from Thawte to Go Daddy because it was so much
cheaper. I had to delete the old one and replace. Web access worked
fine after the switch but I had to make some additional changes to the
intermediate authority settings on the server to get active sync up
and running again. Still, the downtime was less than an hour so it
wasn't that big a deal.
Here are the intermediate certificate changes I needed to make in
order to get active sync up and running again
---
Dear Secured Certificate Customer,
Thank you for contacting SSL support. The issue you are experiencing
is caused by either the presence of a GoDaddy root certificate in your
trusted root certificate store, or a mis-installation of the
intermediate certificates on your hosting server.
You need to complete the following steps on your server:
• In your Start menu choose Run, then type in MMC.
• Once the MMC Console root is open, hit ctrl + m. This will bring up
the Add/Remove Snap-In dialog box.
• Select "Add"
• In the Add Standalone Snap-in dialog box, choose "Certificates";
then click the "Add" button.
• In the Certificates snap-in box it is very important you choose
"Computer account," hit "Next," and then "Local computer."
• Finish out of the standalone boxes and view the Console Root window.
You should now see a Console Root folder, with a Certificates folder
under it, and a list of folders under the Certificates icon/folder.
• Open the "Trusted Root Certification Authorities" folder and then go
to the "Certificates" sub folder and open it.
• Seach the alphabetical listing for a GoDaddy Class 2 root
certificate.
a) Right click the Go Daddy certificate
b) Select "Properties"
c) Select the radio button for "Disable all purposes for this
certificate"
d) Click Ok
• In the Console Root window, expand on the Intermediate Certification
Authorities folder and open the Certificates folder.
• Find any GoDadddy certificates listed there and remove them.
• Browse to https://certs.godaddy.com/Repository.go
• Right-click and save the following files to your deskop:
gd_cross_intermediate.crt
gd_intermediate.crt
• Right click on the top level folder for the Intermediate
Certification Authorities folder, choose All Tasks, and the Import
option.
• It is imperitive you install these files in the following order.
• Browse to the gd_cross_intermediate.crt file and choose it.
• Place it in the Intermediate Certification Authorities.
• After completing the cross intermediate, do the same process, but
this time for the intermediate certificate.
• Go to the "Personal" folder and open the Certificates folder.
• If you have any expired or unused certificates in this folder,
especially for the same domain you are working on, remove them.
• Also, open the IE browser on your server and go to Tools/Internet
Options/Content and click on the "Certificates" button and check the
Trusted Root folder in it. Search for a GoDaddy Class 2 trusted root.
If there is a GoDaddy listed, select it, click the advanced button and
then uncheck all of the services except "code signing", click OK and
accept until the tools menu is closed. Close all instances of the
browser.
• Stop and then Start the website within your IIS administrative
tools.