locked
Question about SSL renewal on IIS RRS feed

  • Question

  • User-1636023625 posted

    I  have a SSL on an IIS server. It expires soon. The cert from the commercial SSL provider got auto renewed and has a new validation date. To update the cert on my IIS server, since it hasn’t expired yet, The cert on the cert provider has all of the same info as the previous cert except for the validation date. i just need to download the SSL from cert provider, import the new intermediate SSL cert in the server’s certificates MMC. Then go to IIS>server name> server certificates>actions and then Import?  I was confused whether i needed to "create certificate request" and "complete certificate request" or just "import"

    Friday, February 12, 2021 2:04 PM

All replies

  • User-848649084 posted

    you could follow the below steps to renew the certificate in iis:

    Renew Your SSL Certificate:

    You need to log into your account (of the platform where you purchased your SSL) and submit a renewal request by pasting your new CSR. Once the certificate authority (CA) has received your renewal request, it will conduct a verification process (like it did at the time when you bought your SSL certificate the first time).

    Once the vetting process is over, the CA will issue the new (renewed) SSL certificate to you. You’re supposed to install this certificate on your IIS server.

    Install Your Renewed SSL Certificate on IIS Server:

    1)First, save the certificate to the same server from where you had generated your CSR.

    2)Open your IIS Manager.

    3)In the left pane named Connections, click on your server’s hostname.

    4)In the middle pane, you should see various options for your server. Double-click on the Server Certificates icon.
    5)In the right pane named Actions, click on Complete Certificate Request…
    6)Click on the three dots (…) to browse to the .CER certificate file of your renewed SSL certificate.
    7)Now give the certificate a friendly name that will be easy for you to refer to in the future and click OK.
    8)Under the Connections pane, expand your server’s computer name, and then click the website that you want to enable SSL on.
    9)Go to the Actions menu and click on Bindings.

    10)In the Site Bindings pop-up, select https and click on Edit…
    11)Now in the Add Site Binding pop-up, choose your renewed SSL (its friendly name) and click OK.

    after updating the certificate check the expiration date of the certificate.

    Monday, February 15, 2021 7:47 AM
  • User-848649084 posted

    Hi,

    Is your issue solved?

    If your issue is solved then I request you to mark the helpful suggestion as an answer. This will help other people who face the same issue.

    If your issue still exists then try to refer the solution given by the community members.

    If then also you have any further questions then let us know about it.

    We will try to provide further suggestions to solve the issue.

    Thanks for your understanding.

    Regards

    Jalpa.

    Monday, February 22, 2021 9:41 AM
  • User-1636023625 posted

    Thank you for your previous response. I still run in to an issue when after Complete Certificate Request, then browsing to the cer file, adding a friendly name and clicking ok.  In Server Certificates, it then shows the original godaddy certificate which the date expiring in May 2021, and the certificate with the the renewed date expiring in 2022. When i click to server and then back to Server Certificates the expiring certificate is still there, but the new one is gone.

    Wednesday, February 24, 2021 3:37 PM
  • User690216013 posted

    When i click to server and then back to Server Certificates the expiring certificate is still there, but the new one is gone.

    The cause is rather simple that your CA gave you the new certificate and expected you to merge it with the previous private key, but you cannot do that via IIS Manager (as the private key was probably deleted when you completed the request last time).

    Right now, you might use tools such as OpenSSL to export the private key from the installed old certificate, and then merge with this new certificate as a PFX file. Then simply importing that PFX file in IIS Manager can finish the task.

    Reference

    The Whole Story of "Server Certificate Disappears in IIS 7/7.5/8/8.5/10.0 After Installing It! Why!" – The Half-Blood Programmer – Stories from Lex Li on technologies. (lextudio.com)

    Wednesday, February 24, 2021 8:38 PM