Windows Server administrators, whenever you have to renew a certificate, doesn't it seem that you always learn something along the way? Whenever a Windows Server 2003 system has a certificate renewed, especially a self-signed certificate, we have to go through major hoops to determine the site identifier (site ID) of the specific Web site for IIS.
The site ID is the identifier of the Web site on the IIS engine. Simply put, the built-in site (Default Site) has a site ID of 1, yet a subsequent site ID may not be 2; this makes it quite a bit more difficult to intervene when the site ID number matters, especially if the server has more than one Web site running.
For Windows Server 2003 systems, the easiest way to determine the site ID is to look at the logging configuration. Most log files would look like either of these examples:
W3SVC1: Indicates the default site identifier of 1
W3SVC385401: Indicates a site identifier of 385401
For Windows Server 2008, you don't have to dig through the logging configuration to determine the site ID. For sites other than the Default Site, if you right-click and select the Advanced Settings option, you will see the site ID displayed. Figure A shows this for a server with an additional Web site configured in IIS.
Figure A
Click the image to enlarge.
This situation comes up very rarely and is irritating because server admins don't usually spend much time in this area.
An important note regarding certificates for IIS 7 on Windows Server 2008: The tools are installed by default to easily manage and create certificates. In the case of self-signed certificates, you have to download the IIS 6 Resource Kit to run the SelfSSL.exe tool. Figure B shows the area of IIS where the server (not each site) has certificate configuration, including self-signed certificates.
Figure B
Click the image to enlarge.
Site IDs come up most frequently when self-signed certificates are renewed, so it makes sense to determine when to stand up your own internal certificate authority; this can include Active Directory Certificate Services or OpenSSL.
Rick Vanover is an IT Infrastructure Manager for Alliance Data in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
No comments:
Post a Comment