Heya! It has been a while, but the sun is out so I thought I’d share a gem of a find!
One of the longest-running logistical headaches with certificates has been renewing them, and subsequently binding them in IIS. Client certificates aren’t a problem; a wee sprinkle of Group Policy, and all your certificates just automagically renew. However, when you throw server authentication coupled with Subject Alternative Names into the mix, you lose the truly luxurious option of automatic renewal.
This equally applies if you’re running Extended Validation enabled certificates, and have to manually apply things like the Common Name, OU, Organisation and Country.
…but this is only half of the job. As far as IIS is concerned, there is now nothing bound to the website, and everything falls over. The net result is that you still have to remind yourself to bind the certificate, although you don’t have to renew it or reenter all the identifying information. Cold comfort!
What was needed, and has been asked for, was the capacity for automagically renewed certificates to be automatically rebound. Well, with IIS 8.5, you can 🙂
Hop into IIS, and click on your server name in the top left. On the right-hand side, look at the IIS section, and select Server Certificates:
Double-click the icon and you’ll have a list of all your available certificates (which naturally have server authentication). Select the desired certificate and then click on Enable Automatic Rebind of Renewed Certificate.
Just don’t forget to follow these three steps:
- GPO, local or otherwise, to enable automatic renewal of certificates (I’ve previously blogged on this!).
- Set the option within the certificate template to automatically resupply the information – redistribute the template if necessary.
- Go into IIS, select the certificate and enable automatic rebind.
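To confirm after a renewal that the rebind actually happened, here is a check added as an example (not from the original post). It assumes an elevated PowerShell session on the IIS host with the WebAdministration module available; the 30-day threshold and the status names are arbitrary choices.

```powershell
# Added example: audit each HTTPS binding against the machine certificate store.
Import-Module WebAdministration

$warnDays = 30          # assumed warning threshold, adjust to taste
$now      = Get-Date

foreach ($site in Get-Website) {
    foreach ($b in Get-WebBinding -Name $site.Name -Protocol https) {
        $thumb  = $b.certificateHash
        # Bindings normally reference the Personal ("My") store.
        $store  = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
        $cert   = $null
        $status = 'OK'

        if (-not $thumb) {
            # HTTPS binding with no certificate attached: the site will not serve TLS.
            $status = 'NoCertificateOnBinding'
        } else {
            $cert = Get-ChildItem "Cert:\LocalMachine\$store" |
                Where-Object { $_.Thumbprint -eq $thumb }
            if (-not $cert) {
                # The binding points at a thumbprint that is not visible in the store.
                $status = 'CertNotInStore'
            } elseif ($cert.NotAfter -lt $now) {
                $status = 'Expired'
            } else {
                # A later-expiring certificate with the same subject means a renewal
                # happened but this binding still uses the old certificate.
                $newer = Get-ChildItem "Cert:\LocalMachine\$store" | Where-Object {
                    $_.Subject -eq $cert.Subject -and $_.HasPrivateKey -and
                    $_.NotAfter -gt $cert.NotAfter
                }
                if ($newer) { $status = 'RenewedButNotRebound' }
                elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) { $status = 'ExpiringSoon' }
            }
        }

        [pscustomobject]@{
            Site       = $site.Name
            Binding    = $b.bindingInformation
            Thumbprint = $thumb
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            Status     = $status
        }
    }
}
```

A `RenewedButNotRebound` row is the case the rebind option is meant to prevent: a newer certificate with the same subject sits in the store while the binding still points at the old thumbprint.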
For more information on renewing web certificates automatically, there is a great TechNet article here.
Thanks for reading o/