New systems, new challenges

As a full service, web-enabled company, there are a lot of little things that the IT group does that go unnoticed by our clients as well as others within the company.  One of these things is the upkeep of our servers.  Generally speaking, there’s not much to do, but on occasion we find ourselves looking at something entirely new and challenging.

A few months ago, we purchased a new server, complete with the latest and greatest server software from Microsoft.  This included Windows 2008 and IIS 7.  In the beginning there was a huge learning curve, and there are still things we are learning daily, like how much of a pain it is to update files with all the layers of security.  The latest pain crept up and seemed to smack me across the face.

We have several sites on this 2008 server, ones that are important clients and ones that are either ecommerce-based or do some sort of credit card authorization which requires the use of SSL (Secure Sockets Layer) to encrypt the data flow.  We certainly don’t want our clients’ clients to have their credit card information hijacked, even if there’s only a slim chance of it happening.  Now since we moved most of the sites there and didn’t start from scratch, we also moved over the encryption keys and such that belong to the server certificates.  Now these certificates are coming close to renewal time, so we’ve started the update process.  Apparently, Microsoft has decided that they are going to arbitrarily assign 4096 bit keys to the certificate renewal process, even if the original keys were only 1024 bit.  This of course has thrown a kink into the renewal process as our simple little certificates don’t need that high of encryption, it’s not like we’re storing all sorts of banking information and personal data, it’s usually just a simple transaction with little or no storage whatsoever except for the results.  So what normally takes about 15 minutes to do has now drawn over 3 days as I sought out help.

It appears that the only solution is to not renew the certificate, but to create a whole new one.  This is not really a fun thing to do, it’s so much easier to just use the information submitted from last time, but I guess there’s always something with Microsoft.