Monday, January 10, 2011

Quick note about regenerating an EXISTING GoDaddy SSL certificate to add, remove or replace SAN entries

Due to the various OCS and Exchange UM services we had to change for client, a significant amount of changes were also required to their public certificates.  I had to go through the exercise of using Go Daddy’s tools to regenerate an existing certificate to replace entries and managed to choose the incorrect options twice which resulted in calls to Go Daddy’s customer support to reissue a credit for us.  Seeing how I’ve been prone to making such an error twice, I thought it would be worthwhile to write a post about it.


You have an existing UCC certificate with, say, 10 entries from Go Daddy and you need to add another entry to it.


The first step is to use your IIS server (in my case it was version 7) to generate a new CSR.  Once you have completed that, you want to navigate into the Manage Certificates tab within the management tool Go Daddy supplies.


DO NOT, I repeat: DO NOT select the certificate and choose “revoke” because by doing so, you’ll render your existing certificate unusable and without a new credit from Go Daddy to create a new one unless you call them.

What you should do is click on the Common Name of the certificate you want to make the changes to.


Once you’re in the properties of that certificate, click on the Manage button.


Once you see the new window opened, you need to click on: Parse new SANs from a CSR


Pasting your new CSR and adding the appropriate SAN entries will allow you to regenerate a new certificate:


From here on, your old certificate will show up for another 24 hours before it will be removed.

I’m no GoDaddy certificate administrator expert but I’m one step closer to being one! :)

1 comment:

Ishwar Sutar said...

Please update it with a new UI.