Amer Kamal offers a solution to a long-standing request for auto-renewing IIS web server certificates, over on the Windows PKI (ADCS) blog!

The problem:

Working with Internet Information Services (IIS) certificates can be a bit challenging especially during renewal time. Most organizations do not track Web SSL certificates which in turn might expire and cause an unplanned outage. Those who track this information on the other hand, have to make sure certificate are renewed before their expiration period or find ways to notify the application owners of their certification expiration beforehand.

And the solution, available as a certificate template property as of Windows Server 2008 R2:

The Certificate Template’s design includes a new option Use subject information from existing certificates for autorenewal requests. This option allows the certificate to renew automatically, including any information in the Subject Name, or any additional information in Subject Alternate Names fields.

I haven’t tried this yet, but it could be a real boon for organizations using an internal ADCS PKI for their web server certificates.

More at the PKI Blog: Renew Web Server (SSL) Certificates Automatically


Posted by Tristan Kington, MSPFE Editor, IIS Noodler, and PKI Dilettante.