Remove certificate from old server and install on new server - certificate

We host a website in our company.
A certificate was issued to www.ourdomainname.com from the company IT department.
Now we want to move the website to azure and install the certificate there.
I already exported the certificate with private key exported set to true from the server.
1.) What will happen when the certificate is installed on azure when it is also installed on our company server?
2.) What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
3.) How can I guarantee a soft transition time without any break?
The aim is:
Website on the company server going to be deleted and the website on azure is used instead.

What will happen when the certificate is installed on azure when it is also installed on our company server?
web site will be available via SSL in Azure too.
What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
web site on your server will be inaccessble.
How can I guarantee a soft transition time without any break?
it is more about DNS management. There is no much work with SSL. You just install SSL on both internal and Azure servers, so clients can access both. Test if web site on Azure works the same way as on your internal server. Then point all clients (via DNS) to a web site on Azure. When all clients move and there are no references to internal server, you can safely shutdown it.

The SSL Certificate which was exported from the current server has to be imported in Azure. The format of the certificate has to be PFX.
Now, in the DNS Management , you need to edit the A record for the URL and point it to the IP address of Azure. This will make sure that any request made will be handled by Azure .

Related

How to replicate mandatory requirement of server certificate on the REST API client system?

I am developing a desktop client application for an https-protocol based REST API provided by a third party.
I want to test the programmatic communication with the API when the server's certificate is not installed on my local computer. For this, I need to know how to make it mandatory to have the server's computer installed on my computer. Note: the certificate is not self signed, rather it is issued by a CA.
I want to test what errors enterprise users will get when my client application will make the API call to the SSL server in a highly secure enterprise environment where the IT policy is configured to mandatorily require installation of server's certificate on the client's local computer.
Is there such a configuration in Window which makes it mandatory for server certificates installed on local computer, for any API communication? If yes, can someone guide me on the steps for Windows 10 Professional.

SSL certificate for WebAPI

We have a simple system with a REST service (WebAPI) that will be hosted on one machine (hosted on IIS on a custom port, port numer 3031) and with a website hosted on another machine that will be talking to the service.
We want both to use SSL, so as I understand we will need to purchase two separate SSL certificates for the production deployment on the Internet.
Does that sound right?
If so, then I don't know how do I request and purchase a certificate for the WebAPI REST service... The service will be hosted on a custom port 3031, should I purchase a normal certificate for the domain name of the machine where the service will be hosted? And then should I basically install the certificate on the IIS on that machine (like it's described here: https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/working-with-ssl-in-web-api).
How will I be able to perform a verification of the domain for the purchased certificate if I'm going to use the certificate for a REST service on a custom port? (not for a regular website).
Apologies for my ignorance, I have searched the forum to find an answer to my issue, but I didn't find one, maybe it's because my very limited knowledge about certificates and security.

How to update SSL certificate on EC2 instances

Here is my dilemma. Currently we run quite a few server on AWS EC2 service. Before my time, they used to configure Server images with the SSL certificate on them. Now, the certificate is about to expire and we need to replace the old one with the new one. I have read documentation on AWS in regards to uploading new certificate to IAM but it is very confusing. Is there any way, for example, using Power Shell commands to upload the new certificate to the existing servers?
Thanks in advance.
If you have certificates that are expired on existing instances and NOT on an Elastic Load Balancer, then you need to update each server as needed, on that server.
It is not an IAM type server certificate.
So you need to touch each server and upgrade. If you have AMIs for each server, you may need to create new AMIs after upgrading the certificate.
See Install certificate with PowerShell on remote server for some suggestion on PowerShell methods of installing a certificate file remotely.
Depending on your budget, you could consider using an ELB even for one instance, and installing the SSL cert there. It makes it easier in the long run to manage certs at the ELB level, rather than at the server/AMI level

Installing Wildcard SSL Certificate on Azure VM

I'm developing an application on Azure VM and would like to secure it by using the wildcard SSL certificate that I'm already using with my main domain. The SSL cert works with any *.mydomain.com and the application on Azure VM is accessible through myapplication.cloudapp.net
Based on the research that I've done, CNAME should be the best option to do that (I can't use A record since we need to shutdown the VMs every week and turn them back on the next week and will lose the ip addresses).
My two questions are:
How can I have myapplication.cloudapp.net be shown as subdomain.mydomain.com?
Will doing that make it possible for wildcard SSL certificate to be used for Azure application too?
How can I have myapplication.cloudapp.net be shown as
subdomain.mydomain.com?
Yes - this is just the CNAME forwarding and ensuring that the appropriate SSL certificate is installed on the server.
Will doing that make it possible for wildcard SSL certificate to be used for Azure application too?
Well as you're already exposing the Application through the VM - this should happen seemlessly.
Just a word of caution, you mention that you're using the certificate on the main domain, but haven't mentioned where you're using this. Be aware that, out-of-the-box, you can only assign one SSL per HTTPS endpoint. You can enable multiple SSL certificates on an Endpoint for Azure / IIS using Server Name Identification and can be enabled directly or automatically. If you do take this route, remember to configure your SNI bindings first, then apply the default binding - it kinda screws up otherwise.

SSL Cert on Seperate Email Server and Web Hosting Server?

I am working with a client who needs SSL on their Email and Web Site.
We have their site hosted on a Rackspace Cloud Site (Wordpress so Apache and all that jazz).
From what I can tell their Email is on an ISS server of their own.
They want to apply this SSL Cert they bought through GoDaddy and apply it to this email server and to the site on our hosting server. Now I am only a Web Developer with enough server knowledge to get sites launched and running, But I don't think you can apply the same SSL Cert on two different types of servers.
What would the solution be for this?
Would you purchase a second ssl? Is that even possible?
Sorry if this is a all completely wrong I am trying to use my limited knowledge of SSL to describe the situation.
I'm pretty sure you can use the same certificate if it's going on two servers as long as they are both using the same domain. You don't need to purchase a second ssl. The tricky part might be if the two servers require different certificate file formats.
Also, just do the CSR part on ONE of the servers (use the one you trust the most). On the other server just install the certificate bypassing the CSR part.