如何续订iis7自签名证书
[英]How to renew an iis7 self signed ssl certificate
问题描述
We have a self-signed certificate on our IIS7 server that is due to expire and we would like to renew this certificate. 
我们的IIS7服务器上有一个自签名证书即将到期,我们希望续订此证书。 I know it is easy to remove the certificate and create a new one but we would like to keep the same one to avoid considerable re-configuring of WCF services and their client applications. 我知道删除证书并创建一个新证书很容易,但我们希望保持相同,以避免大量重新配置WCF服务及其客户端应用程序。
Is this possible? 这可能吗?
There is a Renew option in IIS7 (right-click menu on the certificate) but this requires you to specify an online Certificate Authority, which we dont need. IIS7中有一个续订选项(证书上的右键单击菜单),但这要求您指定我们不需要的在线证书颁发机构。
1 个解决方案
解决方案1
4 已采纳 2012-05-03 23:44:08
No, it's not possible. 不,这是不可能的。
Because you have chosen to use a self-signed certificate that you have explicitly configured to be trusted in your client, it is that very certificate that is trusted. 因为您已选择使用已明确配置为在客户端中受信任的自签名证书,所以它是受信任的证书。 If you replace that certificate with a new one with different validity dates (even with the same keys, although it's probably best to change the keys too), it will be a different certificate. 如果您使用具有不同有效日期的新证书替换该证书(即使使用相同的密钥,尽管最好也可以更改密钥),但它将是不同的证书。 Being different, it won't be the same as the one you had imported in your clients in your initial set up (logically). 不同,它与您在初始设置中导入的客户端(逻辑上)不同。
A way around this would have been to create your own CA and issue a for your server with it. 解决这个问题的方法是创建自己的CA并使用它为您的服务器发布。 You wouldn't have had to reconfigure the clients if using the same CA certificate. 如果使用相同的CA证书,则不必重新配置客户端。 Even if had been about to reach the end of validity of the CA certificate (they tend to be valid for a longer duration), you would have been able to roll out and replace the certificates progressively (typically with an intermediate certificate). 即使已经即将达到CA证书的有效期结束(它们往往有效期较长),您也可以逐步推出并更换证书(通常使用中间证书)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.