I'm trying to upgrade my SHA-1 certificate to SHA-2 for both my SharePoint 2013 farms. We have a qa.mysite.com for development work and a www.mysite.com for production. Both are using a *.mysite.com certificate now issued from Go Daddy.
I know very little about certificates to be honest, so I'm kinda fumbling around Google trying to come up with a plan of attack, and it seems pretty straightforward, but I'd like an expert opinion if anyone has one.
My Plan:
- Request the new cert from Go Daddy
  - Request in IIS
  - When the new cert is issued, you have 72 HOURS to get it working. The existing one will then expire.
- Install the cert in QA
  - Install cert by completing request in IIS
  - Update the bindings for the portal site (Good guide)
  - Add cert to trusted authorities store??
- Test
  - Be sure it works there with no warnings in Chrome
  - Test SharePoint, BI, search, etc.
- Install cert in production
  - No need to request it, just install the existing one you already installed in QA by changing the site binding??
- Test
  - Be sure it works there with no warnings in Chrome
  - Test SharePoint, BI, search, etc.
Things I'm not sure about:
I assume that re-keying my certificate is essentially generating a new one that I then have to install?
The same cert should work for both QA and Prod, right? I just request it in QA and then use the same cert to update the IIS binding in prod when I'm ready?
I shouldn't need to change anything on the client machines should I? Go Daddy is already a trusted authority on my own machine (and I assume on all machines in the domain). Go Daddy mentions updating the intermediary certificate though... might have to research that.
I can install the cert in QA and it won't affect production, right?
Thanks for any opinions!
- Edited by Keith Work 9 hours 41 minutes ago
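
For the "Test" steps in the plan above, a check that can be run on each IIS server after the binding is changed (an added example, not part of the original post). It assumes an elevated PowerShell 3.0+ session with the WebAdministration module available and certificates bound from the LocalMachine stores; it reports the signature algorithm of each bound certificate and of every certificate in its chain, including the intermediate.

```powershell
# Added example: list the signature hash algorithm of every certificate bound
# to an HTTPS endpoint in IIS, plus each certificate in its chain.
Import-Module WebAdministration

foreach ($binding in Get-ChildItem IIS:\SslBindings) {
    # Resolve the bound thumbprint to the certificate in the LocalMachine store.
    $path = "Cert:\LocalMachine\$($binding.Store)\$($binding.Thumbprint)"
    if (-not (Test-Path $path)) {
        Write-Warning "Port $($binding.Port): bound certificate not found at $path"
        continue
    }
    $cert = Get-Item $path

    # Build the chain the way Windows would; skip revocation lookups so the
    # result reflects only chain construction and trust.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        $algorithm = $c.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        $isRoot = ($c.Subject -eq $c.Issuer)               # self-signed trust anchor

        [pscustomobject]@{
            Port         = $binding.Port
            Subject      = $c.Subject
            NotAfter     = $c.NotAfter
            Signature    = $algorithm
            IsRoot       = $isRoot
            # A SHA-1 signature matters on the leaf and intermediates only;
            # the root is trusted by its presence in the store, not its signature.
            StillSha1    = (-not $isRoot) -and ($algorithm -like 'sha1*')
            ChainTrusted = $trusted
        }
    }
}
```

Any row with `StillSha1` set to `True` is a leaf or intermediate still signed with SHA-1; `ChainTrusted` set to `False` means Windows could not build a trusted chain for that binding.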