Renewed SSL Certificate
Sunday 4th January, 2015 19:59 Comments: 0
With around 6 weeks to go, I renewed my SSL certificate early. The process could have been a touch smoother, but then again I didn't have to renew my SSL certificate using GoDaddy. Yes, I still think they're a bit evil, but their certificates are basically supported by everyone. The automated process for domain validation takes a surprisingly long time before it fails (as I didn't buy my domains through them and I've protected my whois details) and sends the email containing the unique code to verify domain control. Plus there's an interim period of around 15 minutes between telling you about the HTML file and DNS options on the web page and the email/code actually being generated (which causes a bit of confusion on the web page). It's meant to retest every 15 minutes, but they also give you a button to click if you want to notify them - although this doesn't appear to speed things up.
Still, I got there in the end, and the zip file with everything I needed for IIS was well packaged. It only took a few minutes to install the new certificates, configure things on my server, and verify everything was okay using the Qualys SSL Labs site. I only get a rating of B because Windows Server 2008 support TLS 1.0 but doesn't support TLS 1.2, and because I still support RC4 ciphers which is weak (but if I didn't it might stop more people from connecting, although it sounds like this would only affect a very tiny fraction of Internet users nowadays).
I'll probably address all of these remaining issues over the summer, as I'm seriously considering moving this website (and possibly a couple of other things) into the cloud. I already have one VM in Microsoft's cloud (currently just a secondary DNS server, but with the ability to scale if I ever need it to do anything more demanding), which has worked flawlessly so far, so it's very tempting to create a new Windows Server 10 VM whenever it's released. Especially when the current server has been running for several years.
Still, I got there in the end, and the zip file with everything I needed for IIS was well packaged. It only took a few minutes to install the new certificates, configure things on my server, and verify everything was okay using the Qualys SSL Labs site. I only get a rating of B because Windows Server 2008 support TLS 1.0 but doesn't support TLS 1.2, and because I still support RC4 ciphers which is weak (but if I didn't it might stop more people from connecting, although it sounds like this would only affect a very tiny fraction of Internet users nowadays).
I'll probably address all of these remaining issues over the summer, as I'm seriously considering moving this website (and possibly a couple of other things) into the cloud. I already have one VM in Microsoft's cloud (currently just a secondary DNS server, but with the ability to scale if I ever need it to do anything more demanding), which has worked flawlessly so far, so it's very tempting to create a new Windows Server 10 VM whenever it's released. Especially when the current server has been running for several years.