Error binding ssl cert to website in IIS7.5, is the fix a security risk?

0

I created a new website on my new install of Windows Server Enterprise 2008 R2. I can get to the default web site using SSL using the autogenerated cert that was created at some point in the install and configuration of the OS.

I exported our SSL cert from our Server 2003 and attempted to set the cert up on this new install. I imported it with no problems into the cert repository.

The problem arose when I tried to bind the cert to the website. When I select the cert I get "There was an error while performing this operation"
" A specified logon session does not exist. It may have already been terminated. (Exception from HRESULT: 0x80070520)

So I found that the way around this was when you import the cert into the repository you need to mark it as exportable. I guess that seems ok, but is there something I should do to fix any security risks?

windows
windows-server-2008
iis
ssl
asked on Server Fault Sep 4, 2009 by Breadtruck • edited Sep 4, 2009 by Dennis Williamson

1 Answer

1

I do not believe that you have introduced any unnecessary security risks to the web server by this action. Marking the key as exportable during the certificate import is the standard way of doing it. By marking the key as exportable, you are allowing the certificate to be exported again in the future (in case you need to move it to another server).

answered on Server Fault Sep 4, 2009 by Fred Jonas

User contributions licensed under CC BY-SA 3.0