UCC Certificates, IIS and GoDaddy.com

OK, so I wanted to do something simple, I wanted to get a UCC certificate from Go Daddy. It would seem simple enough. However, what's not clear is how you actually generate the CSR for the UCC certificate.

For those that don't know, a UCC certificate contains Subject Alternative Name (SAN) entries for your server. This single certificate can be used to secure multiple web servers, similar to a wildcard certificate, except the SANs on a UCC cert don't need to be related. That is, you can have www.mycompany.com and www.mycompany.net on the same UCC cert.

Turns out the process for requesting a UCC cert is really simple, you generate a CSR from IIS just like you would for a single host name. Then you paste that CSR into the GoDaddy site and since GoDaddy knows you're generating a UCC cert IT then asks you for the Subject Alternative Names you want added to the certificate. I spent half the afternoon trying to figure out how to add those names into the CSR on IIS, turns out you don't need to!

Posted by Walden on Wednesday, January 14, 2009

6 comments:

  1. Arrr, yes, but if you put the certificate on 4 servers, and want to add another name to the certificate, do you have to push out the certificate to all the servers again?
    ReplyDelete
  2. Yes. You have to push it out again.
    ReplyDelete
  3. Thanks, you just saved me a quarter of an afternoon! ;)
    ReplyDelete
  4. Great Post - very helpful

    Thanks,
    Simple Dimple
    ReplyDelete
  5. Excellent. Just installed a UCC on Exchange 2010 but then I wanted to do this on a web server and I couldn't get the UCC template for the CSR. Excellent point you brought up about GoDaddy knowing what you had ordered and allowing you to enter the SANs there.

    Great time saver!
    ReplyDelete
  6. Thanks so much for this Walden. You saved me a lot of time. I was looking all over for this on Godaddy.
    ReplyDelete

Subscribe to: Post Comments (Atom)