Bunker Hollow

Matt Williamson's home on the web, welcome.

Matt Williamson's Blog

Personal discoveries of an IT professional.

Install a GoDaddy SSL Certificate on IIS 7

Enable Re-key on your Certificate

If you have a new certificate, you can probably key it immediately, but if you're using an existing certificate you need to contact GoDaddy Customer Support and ask them to allow you to re-key your certificate.  They usually respond and enable it within a couple of hours.

Generate a Certificate Signing Request

IIS Manager -> Your Webserver -> Server Certificates -> Actions -> Create Certificate Request...
Match the Common Name and Organization information with what you find on your certificate within GoDaddy's control panel; typically they will both be xxx.yourdomain.com.
I believe for Organizational Unit, you can choose anything you'd like the first time around, but you must match it if you're re-keying a certificate.

Create the SSL Certificate

Copy and paste the contents of your newly created CSR file into the GoDaddy re-key control panel, making sure to choose IIS.  Your certificate will be generated.  Download the zip file, which contains your certificate and the GoDaddy intermediate certificate file; you'll need both.

Install the GoDaddy Intermediate Certification Authority

Run -> mmc -> File -> Add/Remove Snap-in -> Certificates -> Computer Account -> OK
Right-click Intermediate Certification Authorities -> All Tasks -> Import -> Select the GoDaddy Intermediate Certificate file.

Complete Certificate Request

IIS Manager -> Your Webserver -> Server Certificates -> Actions -> Complete Certificate Request...
Browse to your GoDaddy certificate from the zip file.

Add IIS Binding

This part threw me for a loop; it wasn't necessary in IIS6.
IIS Manager -> Your Webserver -> Your Website -> Actions -> Bindings...
Edit your https binding, or add it if it doesn't exist (https, All Unassigned, 443).  Choose your SSL Certificate and click OK!
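
A read-only PowerShell check of the finished install, added here as an example and not part of the original post: it confirms that the certificate has its private key, that the issuing intermediate is in the computer's store, that the chain builds, and that the 443 binding points at the certificate. The host name is the placeholder used above; run it on the web server after the binding step.

```powershell
# Added example: verifies the result of the install steps above. Read-only.
# Assumption: $HostName is the Common Name used in the CSR (placeholder value).
$HostName = 'xxx.yourdomain.com'

# 1. The completed request must sit in the computer's Personal store with its private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match "CN=$([regex]::Escape($HostName))(,|$)" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $HostName in LocalMachine\My." }
if (-not $cert.HasPrivateKey) {
    throw 'No private key: the request was not completed on the server that generated the CSR.'
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# 2. The issuing intermediate must be in the computer's Intermediate Certification
#    Authorities store. Checked explicitly because Windows may fetch a missing
#    intermediate over the network while building a chain, which hides the gap.
$issuer = Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -eq $cert.Issuer }
if (-not $issuer) { throw "Issuer '$($cert.Issuer)' is not in LocalMachine\CA." }

# 3. Build the chain and report every element and any status flags.
#    Revocation checking is switched off so the check also works offline.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)
$chain.ChainElements | ForEach-Object { "  chain: $($_.Certificate.Subject)" }
if (-not $chainOk) {
    $chain.ChainStatus | ForEach-Object { "  status: $($_.Status) $($_.StatusInformation)" }
    throw 'Chain did not build to a trusted root.'
}

# 4. The https binding (All Unassigned, 443) must reference this certificate.
#    http.sys lists the bound certificate by thumbprint under ipport 0.0.0.0:443.
$binding = (netsh http show sslcert ipport=0.0.0.0:443) | Out-String
if ($binding -notmatch [regex]::Escape($cert.Thumbprint)) {
    throw "0.0.0.0:443 is not bound to thumbprint $($cert.Thumbprint)."
}
"OK: $($cert.Subject) is installed, chained and bound on port 443."
```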

Happy Secure Surfing!

Comments

 

Dean said:

Hi,

There is a video which demonstrates step-by-step the request and installation of GoDaddy SSL certificate:

www.netometer.com/.../iis7-godaddy-ssl-certificate

It is important to install first the Intermediate Certificates. In case you have installed first your certificate you have to follow the troubleshooting outlined in:

www.netometer.com/.../index.php

The troubleshooting steps for IIS6 and IIS7 are the same.

Generally GoDaddy allows you to re-key your certificate up to 3 times, in a 30-day period after you’ve purchased the certificate.

It is a good practice to export your new certificate and keep it in a safe place (together with the Intermediate Certificates) for backup and recovery purposes. Of course, you can download the intermediate certificates anytime but it is easier to have them handy instead of looking for them online and downloading them.

If the server dies and you have to re-install it or you are moving the websites to a new server you can simply import (first the Intermediate certificates) your certificate in the new server. That’s easier, and besides that the right approach to do it.

I will be posting a separate video about this as it seems a lot of people are migrating/upgrading to IIS7 and face the problem with exporting/importing their public certificate(s).

Some people are posting the question – can I run a web server farm (using load balancing for example) and install the same certificate on all the servers. You can physically do this but that’s illegal. You can not use simultaneously the Turbo SSL certificate on more than one server.

The process of importing/exporting SSL certificate described above assumes that you will stop using it on the old server.

Regards,

Dean

June 11, 2008 3:01 PM
 

Jim Durbin said:

I tried a similar installation procedure and got an error when trying to import the .crt file from GoDaddy.

CertEnroll::CX509Enrollment:_InstallResponse ASN1 bad tag value met 0x8009319b (ASN.267)

this occurred when I clicked OK in the Specify Certificate Authority Response dialog.

any ideas what could be causing this?

June 11, 2008 5:49 PM
 

Matt Williamson said:

Jim - I would try re-keying your certificate again.  If you've got a regular GoDaddy SSL certificate and you're running Server 2008, then the instructions above should work.  Maybe your CSR wasn't pasted properly?  I just select all of the text, including the comments, and it works.  Make sure you choose IIS in GoDaddy?  The default is Apache.  And make sure you install the Intermediate certificate before importing your certificate.

Dean - Interesting that you can't apply the same certificate to servers in a web farm... I didn't know that.  I would guess that companies buy a wildcard SSL certificate (*.domain.com) to take care of that issue.  Then I imagine they'd be allowed to install that certificate on as many machines as they'd like.

June 11, 2008 11:30 PM
 

Jason said:

Thanks Matt, this worked great for me. Glad to have your site as a resource since Godaddy hasn't updated their instructions for IIS7.

July 21, 2008 11:05 PM
 

Lee Leonard said:

I am having the exact same issue as Jim and re-keying didn't help.  And as an FYI, I am logged in with a domain admin account to the web server. Any thoughts?

P.S.  Great site!

August 9, 2008 1:51 PM
 

Lee Leonard said:

I re-keyed a second time and it worked!  I guess I did something wrong the first 2 times.  Thanks!

August 10, 2008 4:46 PM
 

Tsudohnimh said:

Good Info. I wrote a similar piece with some other details on generating CSR's. Just subscribed to your RSS. Good stuff man.

http://twurl.cc/4ol

September 11, 2008 9:54 AM
 


Allan said:

Thanks for the instructions. You'd think GoDaddy would have them. BTW When binding the certificate  I got the following error "The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020)" I fired up a command prompt and entered NETSTAT -ano to find that the port was in use by another process. Reassigned the port and all is good. Cheers

March 18, 2009 5:14 AM
 

Matt Williamson said:

Good to know, thanks for the tip Allan.

March 18, 2009 9:41 AM
 

Tim Spanoudakis said:

Thank you for this, I spent ages reinstalling certificates on IIS7 and could not get Exchange Active sync or any websites to work. Then I saw your bit about bindings... IIS7 is so confusing sometimes!

May 18, 2009 3:52 AM
 

Keith Kelly said:

I purchased a wildcard certificate for IIS7 from GoDaddy and it installed with no problem. I added the https bindings to the certificate purchased for the first subdomain desired.

For this first subdomain to which I added bindings I get the error that the "domain name does not match the domain name specified by the certificate".

Also ... do I repeat this https binding process for each of the subdomains for the certificate that I am hosting?

Or did I miss something?

December 15, 2009 8:53 AM
 

Wildcard SSL Certificate said:

The below point is good as you have explained on Generating CSR Code that most of the people get confused at the same point that how to generate CSR.

==============

Generate a Certificate Signing Request

IIS Manager -> Your Webserver -> Server Certificates -> Actions -> Create Certificate Request...

Match the Common Name and Organization information with what you find on your certificate within GoDaddy's control panel, typically they will both be xxx.yourdomain.com.

I believe for Organizational Unit, you can choose anything you'd like the first time around, but you must match it if you're re-keying a certificate.

==============

May 26, 2010 4:35 AM
 

Michael said:

Man, why do SSL certificates have to be such a pain in IIS?  It makes me want to bang my head against a wall.  I'm moving a web site to a new server with IIS7.  The old one is on IIS6.  I'd like to get SSL set up before having the new server take over the IP.

First I'm checking out IIS7 since it's much different.  I went to SSL settings but it won't let me do anything since I don't have an SSL binding.  I went to bindings but it won't let me do an SSL binding since I don't have an SSL cert.  I try to import the SSL cert but I don't have the password for the PFX file I had handy.

So back to the old server to export it.  I remember the arcane MMC and snap-in baloney that seemed unrelated to IIS that I dealt with before to get this to work.  I researched what I had to do since I couldn't remember.  I go to Certificate Authority in Admin Tools.  It gives me an error: "Cannot manage Certificate Services. The specified service does not exist as an installed service. 0x424 (WIN32: 1060)".  I read up and learn that I'm supposed to go to Add/Remove Programs to add Certificate Services.  Hmmm.  I reluctantly try that, it requires me to enter in info strangely, then asks to shut down IIS temporarily.  After debating it I went back and tried it and then it asked for a CD labeled Service Pack 1, what the hell.  I canceled and restarted IIS and WWW publishing service immediately.  After more searching, I try running mmc (using Run box) and adding the snap-in for Certificates.  It works!  What the heck is this thing anyway?  I exported, and was able to copy it and import on the new server.  Hallelujah.

What did I have to do in Apache for another site that changed servers?  I copied the SSL cert files over, then specified the file paths in the Apache conf file, restarted Apache and was done.

July 21, 2010 2:31 PM
