Change the SSL certificate from 1024 to 2048 bit encryption on IIS 6.0
Find resources designed to help you get the most from Replicon
Administrator wants to change the SSL certificate from 1024 to 2048 bit encryption, on IIS 6 for Web TimeSheet website.
In IIS 6.0, it is not possible to change the SSL certificate encryption from 1024 to 2048 bit encryption. In this situation, a new website needs to be created and a new certificate should be created and then the new certificate would be replacing the existing one.
To change the SSL certificate encryption from 1024 to 2048 bit, follow the steps given below:
Create a new Web Site in IIS 6.0.
Steps to create a new web site:
Prepare a Certificate Signing Request (CSR)
Regardless of the SSL vendor the company uses, the first step in the process is to create a Certificate Signing Request — or CSR — that will be sent to the SSL vendor. The CSR is a Base-64 encoded PKCS#10 message that contains all of the information necessary to identify the person or company applying for the certificate. The request also includes the applicant’s public key.
The public key is the public (or, non-private) portion of a combined public key/private key structure that, together, is able to effectively and securely encrypt information.
To create the certificate follow the steps given below:
However, make sure that if the name of the Web Site changes then a new certificate would be required.
Then enter the Geographical Information and click Next.
Then it would bring up the file name for the certificate request. By default the location would be C:\certreq.txt. Click Next
The last screen would bring the Request File Summary. After reviewing the information, click Next and the click Finish to Complete the Certificate Wizard.
Request a certificate from a certificate vendor.
Once the cert file is created, the information needs to processed. At this point the administrator would be required to open up the text file that contains the certificate request in order to copy and paste the encrypted certificate request in the appropriate field on the order form.
Once the administrator complete's the vendor’s certificate request form and provide them with payment, he would receive the SSL certificate via email.
Save the provided certificate somewhere accessible.
Once the SSL certificate is received save this file to a location accessible from your Web server. However, make sure that it has a .cer extension.
Install the certificate:
After making sure that the Web server can access the certificate file, the administrator needs to install the new certificate by completing the certificate process started back in Step 2.
To install the certificate follow the steps given below:
Install necessary intermediate certificates.
Not all SSL certificate vendors are created equal. In order to be fully trusted, any certificate you obtain needs to eventually link to a root certificate that is trusted by your Web browser. However, not all vendor’s SSL certificates are natively trusted by root certificates. As such, with these vendors, the administrator needs to complete the SSL trust chain by, in addition to installing the SSL certificate, installing an intermediate certificate between a root certificate and your new SSL certificate.
If the administrator skips this step, users will continue to get certificate errors until this trust chain is established. The use of an intermediate SSL certificate requires a slight bit of additional network communication at the initial establishment of an SSL-secure session but beyond that, there is no performance penalty.
To install the intermediate certificate follow the steps given below:
Once complete, browse to Web TimeSheet using https and the administrator would get a lock icon and that the details for the certificate match and it would be on 2048 Bit encryption as shown the figure below.