Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We have a self-signed certificate on our IIS7 server that is due to expire and we would like to renew this certificate. I know it is easy to remove the certificate and create a new one but we would like to keep the same one to avoid considerable re-configuring of WCF services and their client applications.
Is this possible?
There is a Renew option in IIS7 (right-click menu on the certificate) but this requires you to specify an online Certificate Authority, which we dont need.
No, it’s not possible.
Because you have chosen to use a self-signed certificate that you have explicitly configured to be trusted in your client, it is that very certificate that is trusted. If you replace that certificate with a new one with different validity dates (even with the same keys, although it’s probably best to change the keys too), it will be a different certificate. Being different, it won’t be the same as the one you had imported in your clients in your initial set up (logically).
A way around this would have been to create your own CA and issue a for your server with it. You wouldn’t have had to reconfigure the clients if using the same CA certificate. Even if had been about to reach the end of validity of the CA certificate (they tend to be valid for a longer duration), you would have been able to roll out and replace the certificates progressively (typically with an intermediate certificate).