IIS 8: Renew Your Expiring SSL Certificate Using the ¶ºÒõ¹Ý Utility
Use the ¶ºÒõ¹Ý® Certificate Utility for Windows to create your CSR (certificate signing request) and install your SSL Certificate. Then, use IIS 8 to reconfigure your site bindings to use the new SSL Certificate.
To Renew Your IIS 8 SSL Certificate:
-
Create your CSR.
-
Install your new SSL Certificate.
-
Configure or assign your new SSL Certificate.
1. Create Your CSR Using the ¶ºÒõ¹Ý Utility
Best practices are to generate a new certificate signing request (CSR) when renewing your SSL certificate.
-
On your IIS 8 server with the expiring certificate, download and save the ¶ºÒõ¹Ý® Certificate Utility for Windows executable (¶ºÒõ¹ÝUtil.exe).
-
Run the ¶ºÒõ¹Ý® Certificate Utility for Windows.
Double-click ¶ºÒõ¹ÝUtil.
-
In ¶ºÒõ¹Ý Certificate Utility for Windows©, click SSL (gold lock), select the expiring certificate that you want to renew, and then, click Create CSR.
-
In the "Would you like to import the attributes from 'certificate' into the new CSR?" window, click Yes.
-
On the Create CSR page, verify that all the certificate details are correct, and then click Generate.
-
On ¶ºÒõ¹Ý Certificate Utility for Windows© - Renew Certificate page, do one of the following, and then, click Close:
Click Copy CSR. Copies the certificate contents to the clipboard. If you use this option, we recommend that you paste the CSR into a tool such as Notepad. If you forget and copy some other item, you still have access to the CSR, and you do not have to go back and recreate it. Click Save to File. Saves the CSR as a .txt file to the Windows server. We recommend that you use this option.
Renew Your SSL Certificate
Renew your SSL certificate from inside your ¶ºÒõ¹Ý CertCentral account.
Are you new to the ¶ºÒõ¹Ý team? You can "replace" your certificate with a ¶ºÒõ¹Ý certificate. Order your new certificate here - Purchase Your ¶ºÒõ¹Ý Certificate.
-
Log into your?CertCentral account.
-
In CertCentral, in the left main menu, click Certificates > Expiring Certificates.
-
On the Expiring Certificates page, next to the certificate you want to renew, click Renew Now.
A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.
-
Follow the instructions provided inside your account to renew your SSL certificate.
-
Add your CSR
When renewing the certificate, you'll need to include a CSR. On the "Renewal" page, under Certificate Settings, upload the CSR file you saved to the server.
You can also use a text editor (such as Notepad) to open the file. Then, copy the text, including the?-----BEGIN NEW CERTIFICATE REQUEST-----?and?-----END NEW CERTIFICATE REQUEST-----?tags, and paste it in the Add Your CSR box.
-
After you place the order to renew your certificate, ¶ºÒõ¹Ý verifies your information.
-
If we need any additional information, we will promptly contact you by phone or email. If no additional information is required, we will most likely issue your certificate within an hour.
2. Import Your SSL Certificate Using the ¶ºÒõ¹Ý Utility
Once your renewal SSL Certificate has been issued, run the ¶ºÒõ¹Ý Certificate Utility to import it to your IIS 8 server.
-
After receiving your new certificate file from ¶ºÒõ¹Ý, save the file to the IIS 8 server where you created the CSR.
-
On the same server, run the ¶ºÒõ¹Ý® Certificate Utility for Windows.
Double-click ¶ºÒõ¹ÝUtil.
-
In ¶ºÒõ¹Ý Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.
-
In the Certificate Import wizard, click Browse to browse to the .cer certificate file (i.e. your_domain_com.cer) that ¶ºÒõ¹Ý sent you, select the file, click Open, and then, click Next.
-
In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.
Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add ¶ºÒõ¹Ý and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
-
To import the SSL Certificate to your server, click Finish.
You should receive "Your certificate has been successfully imported" message. You are now ready to assign/configure your server software to use the renewed SSL Certificate.
3. IIS 8: Reconfigure Your HTTPS Site Bindings
If you have not yet created your certificate signing request (CSR) and ordered your certificate, see Create Your CSR Using the ¶ºÒõ¹Ý Utility.
-
Open Internet Information Services (IIS) Manager.
From the Start screen, type and click Internet Information Services (IIS) Manager.
-
In Internet Information Services (IIS) Manager, under Connections, expand your server's name, expand Sites, and then select the site with the expiring SSL Certificate.
-
In the Actions menu, under Edit Site, click Bindings.
-
In the Site Bindings window, select binding for https, and then click Edit.
-
In the Edit Site Binding window, in the SSL certificate drop-down list, select your newly installed SSL Certificate by its friendly name and then, click OK.
-
Your new SSL Certificate is now installed to the website.
Test Your Installation
To verify that the installation is correct, use our ¶ºÒõ¹Ý® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com, or mail.yourdomain.com) that you are securing to test your SSL Certificate.
Troubleshooting
After importing your certificate on to the new server, if you run into certificate errors, try repairing your certificate trust errors using ¶ºÒõ¹Ý® Certificate Utility for Windows. If this does not fix the errors, contact support.