UCC Certificates, IIS and GoDaddy.com

OK, so I wanted to do something simple, I wanted to get a UCC certificate from Go Daddy. It would seem simple enough. However, what's not clear is how you actually generate the CSR for the UCC certificate.

For those that don't know, a UCC certificate contains Subject Alternative Name (SAN) entries for your server. This single certificate can be used to secure multiple web servers, similar to a wildcard certificate, except the SANs on a UCC cert don't need to be related. That is, you can have www.mycompany.com and www.mycompany.net on the same UCC cert.

Turns out the process for requesting a UCC cert is really simple, you generate a CSR from IIS just like you would for a single host name. Then you paste that CSR into the GoDaddy site and since GoDaddy knows you're generating a UCC cert IT then asks you for the Subject Alternative Names you want added to the certificate. I spent half the afternoon trying to figure out how to add those names into the CSR on IIS, turns out you don't need to!

10 comments:

  1. Arrr, yes, but if you put the certificate on 4 servers, and want to add another name to the certificate, do you have to push out the certificate to all the servers again?

    ReplyDelete
  2. Yes. You have to push it out again.

    ReplyDelete
  3. Thanks, you just saved me a quarter of an afternoon! ;)

    ReplyDelete
  4. Great Post - very helpful

    Thanks,
    Simple Dimple

    ReplyDelete
  5. Excellent. Just installed a UCC on Exchange 2010 but then I wanted to do this on a web server and I couldn't get the UCC template for the CSR. Excellent point you brought up about GoDaddy knowing what you had ordered and allowing you to enter the SANs there.

    Great time saver!

    ReplyDelete
  6. Thanks so much for this Walden. You saved me a lot of time. I was looking all over for this on Godaddy.

    ReplyDelete
  7. Thanks so much ! I've been searching 2 days where I could enter the other domains in the IIS CSR wizzard ...

    ReplyDelete
  8. Why not just do it through PowerShell.

    ReplyDelete
  9. Thank you, I was doubting what should I put in Common Name field for UCC CSR before I found your post.

    ReplyDelete
  10. Will this be compatible with Exchange 2003 (IIS 6.0)? Thank you for the reply.

    ReplyDelete