Upgrading SSL Certificate to SHA-2 in SharePoint 2013

I'm trying to upgrade my SHA-1 certificate to SHA-2 for both my SharePoint 2013 farms. We have a qa.mysite.com for development work and a www.mysite.com for production. Both are using a *.mysite.com certificate now issued from Go Daddy.

I know very little about certificates, to be honest, so I'm kinda fumbling around Google trying to come up with a plan of attack and it seems pretty straightforward, but I'd like an expert opinion if anyone has one.

My Plan:

  1. Request the new cert from Go Daddy
    1. Request in IIS
    2. When the new cert is issued, you have 72 HOURS to get it working. The existing one will then expire.
  2. Install the cert in QA
    1. Install cert by completing request in IIS
    2. Update the bindings for the portal site (Good guide)
    3. Add cert to trusted authorities store??
  3. Test
    1. Be sure it works there with no warnings in Chrome
    2. Test SharePoint, BI, search, etc.
  4. Install cert in production
    1. No need to request it, just install the existing one you already installed in QA by changing the site binding??
  5. Test
    1. Be sure it works there with no warnings in Chrome
    2. Test SharePoint, BI, search, etc.

Things I'm not sure about:

I assume that re-keying my certificate is essentially generating a new one that I then have to install?

The same cert should work for both QA and Prod, right? I just request it in QA and then use the same cert to update the IIS binding in prod when I'm ready?

I shouldn't need to change anything on the client machines should I? Go Daddy is already a trusted authority on my own machine (and I assume on all machines in the domain). Go Daddy mentions updating the intermediary certificate though... might have to research that.

I can install the cert in QA and it won't affect production, right?

Thanks for any opinions!



July 28th, 2015 5:03pm
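
For the test steps in the plan above, one way to confirm what each IIS HTTPS binding actually serves is to read the bound certificate and its chain on the server and report the signature algorithm of every element. This is an added example, not part of the original post; it assumes the WebAdministration module is present and that the certificate sits in a LocalMachine store.

```powershell
# Added example: list the signature algorithm of each certificate in the
# chain behind every IIS HTTPS binding. Run elevated on each web front end.
Import-Module WebAdministration

foreach ($b in Get-WebBinding -Protocol https) {
    if (-not $b.certificateHash) {
        Write-Warning "Binding $($b.bindingInformation) has no certificate assigned"
        continue
    }
    # IIS records the store name with the binding; 'My' (Personal) is the usual one.
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    $cert  = Get-Item "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "Thumbprint $($b.certificateHash) not found in LocalMachine\$store"
        continue
    }

    # Build the chain from the local stores only, so a missing intermediate
    # shows up as a short chain instead of being fetched from the network.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($cert)

    foreach ($el in $chain.ChainElements) {
        $c      = $el.Certificate
        $isRoot = ($c.Subject -eq $c.Issuer)
        $alg    = $c.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        [pscustomobject]@{
            Binding   = $b.bindingInformation
            Subject   = $c.Subject
            Algorithm = $alg
            NotAfter  = $c.NotAfter
            IsRoot    = $isRoot
            # A root's self-signature is not what clients rely on, so only
            # the leaf and intermediates are flagged.
            Weak      = (-not $isRoot) -and ($alg -match 'sha1|md5')
        }
    }
}
```

Running it on QA and again on production shows each farm's binding separately, and a chain that stops at the leaf or an intermediate with `Weak = True` indicates that the intermediate certificate in the server's store still needs attention.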
