SBS 2008 - Need To Renew SSL Cert Wizard Does Not Support SHA-2

rosco

Our SSL certificate on our SBS 2008 server is up for renewal. It actually expired yesterday. So, I am going through generating a new certificate request and going through the renewal process.

That is where I am running into trouble. I am trying to renew a 3 year cert and after 2 years, SHA-1 will no longer be supported. So, it is not allowing me to continue. My question is how do I switch SBS 2008 to working with SHA-2? What should my plan of action be here?

After some searching, it seems like there are workarounds possible, but none that directly apply to SBS 2008. Plus, I have learned that you really need to stick to the wizards whenever possible.

Thanks for the help.
 
You don't specify SHA-256 until you are putting the CSR into GoDaddy or wherever you purchased the cert from.

In IIS, set your strength to 2048 or higher and create your CSR; then, when requesting the cert from the CA, specify SHA-256.
 
I am trying to do this with the SBS wizard as I know operating outside the wizards can be an issue.

So, I used the wizard to generate the CSR and then I pasted it into GoDaddy. It was then that it was showing that I would be unable to renew for 3 years because the CSR was for a SHA-1 cert.

So, if I set the strength in IIS to 2048 or higher and then use the wizard to generate the CSR, will that work? Will changing that setting in IIS affect anything else in SBS that I should be concerned about?
 
You can't change SHA-1 on a renewal. You have to revoke the current cert and request a new one, which normally requires a call to GoDaddy for them to credit the remaining time and give you a new cert.
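
To see which hash a CSR is actually signed with before pasting it into the CA's form, the signature algorithm can be read from the request itself. This is an added example, not part of the thread; it recognises RSA signature OIDs only, and the sample requests it builds are constructed placeholders, not real CSRs.

```python
import base64

# sha*WithRSAEncryption signature OIDs and the hash each one uses
SIG_HASH = {"1.2.840.113549.1.1.5": "SHA-1", "1.2.840.113549.1.1.11": "SHA-256",
            "1.2.840.113549.1.1.12": "SHA-384", "1.2.840.113549.1.1.13": "SHA-512"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                     # base-128, high bit = "more bytes follow"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def csr_signature_hash(csr):
    """Return (oid, hash_name) for the signature on a PEM or DER PKCS#10 request."""
    if csr.lstrip().startswith(b"-----"):  # PEM: drop BEGIN/END lines, decode the body
        csr = base64.b64decode(b"".join(
            l.strip() for l in csr.splitlines() if not l.strip().startswith(b"-----")))
    tag, start, _ = read_tlv(csr, 0)               # outer CertificationRequest
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, info_end = read_tlv(csr, start)          # skip certificationRequestInfo
    _, alg_start, _ = read_tlv(csr, info_end)      # signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(csr, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm has no OID")
    oid = decode_oid(csr[oid_start:oid_end])
    return oid, SIG_HASH.get(oid, "unknown")

def der(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_csr(last_arc):
    """Constructed sample: correct outer layout, zero-filled contents, not a real CSR."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last_arc])) + b"\x05\x00")
    info = der(0x30, b"\x02\x01\x00" + der(0x04, bytes(300)))
    return der(0x30, info + alg + der(0x03, bytes(257)))
```

For a real request, pass the file's bytes to `csr_signature_hash`; the PEM branch accepts the `-----BEGIN NEW CERTIFICATE REQUEST-----` form that Windows tools write.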
 