
SOLVED: How To Renew an Expiring Certificate Used in IIS in 3 Easy Steps

Renewing certificates is always problematic for those who don’t deal with SSL certs all the time. These very short step-by-step instructions should get you through it without too much trouble.


STEP 1 – Generate an SSL Certificate Renewal CSR in Microsoft IIS:

  1. Click the START button and go to Administrative Tools > Internet Information Services (IIS) Manager
  2. In the left pane named Connections, click on your server’s hostname
  3. In the middle pane, you should see various options for your server. Double click on the Server Certificates icon
  4. In the right pane named Actions, click on Create Certificate Request…
  5. Type the information to generate a new CSR (Including these fields: Common Name, Organization, Organizational unit, City/locality, State/province, Country/region)
  6. Select Microsoft RSA SChannel Cryptographic Provider as a Cryptographic service provider and change the Bit Length to 2048
  7. Click the NEXT button
  8. Specify a convenient location to store your newly generated CSR, like the Desktop or C:\TEMP, and click the FINISH button

STEP 2 – Buy The New Certificate From Your SSL Provider:

  1. Log into your account (GoDaddy, EnTrust, or whoever your SSL reseller is) and submit a renewal request by pasting your new CSR
    • Several companies, including GoDaddy, require you to buy a credit for an SSL cert before you actually submit the CSR and this process can be confusing, so don’t hesitate to contact your SSL seller
  2. Once the certificate authority (CA) has received your renewal request, it will conduct a verification process
  3. Once the vetting process is over, the CA will issue the new (renewed) SSL certificate to you

STEP 3 – Install Your Renewed SSL Certificate on IIS Server:

  1. Save the certificate to the same server from where you had generated your CSR
  2. Open your IIS Manager
  3. In the left pane named Connections, click on your server’s hostname
  4. In the middle pane, double click on the Server Certificates icon
  5. In the right pane named Actions, click on Complete Certificate Request…
  6. Click on the three dots (…) to browse to the .CER certificate file of your renewed SSL certificate
  7. Now give the certificate a friendly name that will be easy for you to refer to in the future and then click the OK button
  8. Under the Connections pane, expand your server’s computer name, and then click the website that you want to enable SSL on
  9. Go to the Actions menu and click on Bindings
  10. In the Site Bindings pop up, select HTTPS and click on Edit…
  11. Now in the Add Site Binding pop up, choose your renewed SSL certificate (by its friendly name) and click the OK button
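
To confirm the renewal took effect, the following added PowerShell example (not part of the original instructions) checks that the renewed certificate is in the server's store with its private key and that the HTTPS binding is serving it. The friendly name, host name and port are placeholders, and it assumes you run it on the IIS server itself with the site answering on localhost.

```powershell
# Added example: confirm the renewed certificate is installed and actually served.
# Assumptions: $FriendlyName is the name typed in "Complete Certificate Request",
# $HostName is the Common Name from the CSR, and the site answers on localhost:$Port.
param(
    [string]$FriendlyName = 'example-renewed',    # placeholder
    [string]$HostName     = 'www.example.com',    # placeholder
    [int]   $Port         = 443
)

# 1. Find the renewed certificate in the computer's Personal store.
$renewed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $FriendlyName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $renewed) { throw "No certificate named '$FriendlyName' in LocalMachine\My." }

# 2. A missing private key means the .CER was completed on a server other than
#    the one that generated the CSR; IIS cannot use such a certificate.
if (-not $renewed.HasPrivateKey) {
    throw "Certificate $($renewed.Thumbprint) has no private key on this server."
}

# 3. Connect to the site and read the certificate it presents.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect('localhost', $Port)
    # Accept any certificate here: the goal is to inspect what is served,
    # even if it is the old or expired one. Do not reuse this in client code.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($HostName)   # host name is sent as SNI
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally { $tcp.Close() }

# 4. Compare what is installed with what is served.
[pscustomobject]@{
    InstalledThumbprint = $renewed.Thumbprint
    ServedThumbprint    = $served.Thumbprint
    ServedNotAfter      = $served.NotAfter
    BindingUpdated      = ($served.Thumbprint -eq $renewed.Thumbprint)
}
```

If BindingUpdated is False, the site is still bound to the old certificate, so repeat the Bindings steps above and select the renewed one.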

After the certificate is renewed, you may need to distribute the new certificate to all your employees’ devices again. If you want to avoid this situation in the future, and you are on a corporate domain, you might consider setting up a small internal CA.


Published by
Ian Matthews
