Renewing an IIS 5 SSL Certificate
If you are renewing your GeoTrust SSL certificate running on Microsoft
Internet Information Services (IIS) 5, you will first need to log in to your IIS server
to complete some pre-renewal steps to generate a renewal Certificate Signing Request (CSR).
Important: Microsoft IIS 5 shipped with a
limitation on the types of SSL certificates that it can renew. GeoTrust SSL certificates
come in one of two types: QuickSSL or True BusinessID. If you have a QuickSSL Basic,
QuickSSL Premium, or Power Server ID, you will need to follow the work-around
instructions below to renew your SSL certificate. If you have a GeoTrust True
BusinessID certificate you can follow the IIS 6 instructions and skip this work-around.
Special work-around instructions for IIS 5 SSL renewals:
Overview: this is a work-around that will allow you to renew your expiring
SSL certificate on an IIS 5 machine without losing any uptime on your secure
site. We are going to first create a dummy site in IIS 5, request
a certificate for the dummy site, install a new certificate on the dummy site,
and then replace the expiring certificate on your real site with the new certificate
on the dummy site. Relax, it's easier than you think.
- Open the Internet Information Services (IIS) Manager.
From the Start button select Programs >
Administrative Tools > Internet
Information Services Manager.
- You will first need to create a dummy site (a temporary site)
in IIS. Right-click on the
main server node (local computer) and select New > Web
Site. You can call it tempsite. You'll be
deleting this site later so you don't need to worry too much with
the details of setting it up.
- Once you have the temporary site set up you will need to generate
a Certificate Signing Request (CSR) for the dummy site. The Common
Name (e.g., www.mysite.com)
in the new CSR must be the same as your real site. For example, if the certificate
you're trying to renew is for 'secure.mydomain.com' then
the Common Name in the CSR for the dummy site will also need to be
'secure.mydomain.com'. To generate the CSR follow
these instructions.
- Once you have a CSR for the dummy site you can place a
renewal order using that CSR.
- GeoTrust will issue your SSL certificate and return it to you by email.
Copy the certificate into a text editor such as Notepad and save
as yourdomain.cer on your desktop.
- Return to the Directory Security tab of your dummy site
(not your real site) and click Server Certificate and
select Process the pending request and install the certificate.
Click Next.
- Locate the yourdomain.cer file when prompted to locate your web server
certificate. Click Next.
- Review the summary screen and ensure that you are processing the correct
certificate (check the expiration date). Click Next.
- Click Next and then Finish on the
confirmation screen. The SSL certificate has now been installed
on the dummy site and now we have to transfer it to the real site.
- Right-click your real web site
and then click Properties.
- On the Directory Security tab, under Secure communications,
click Server Certificate.
- Click Next in the Welcome to the Web Server
Certificate Wizard window.
- Select Replace the current certificate, then click Next.
- You will be asked to select your SSL certificate from a list of installed
certificates. Ensure you select the new certificate from the list.
- Review the summary screen and ensure that you are processing the
correct certificate (check the expiration date). Click Next.
- Click Next and then Finish on the confirmation screen. Your old SSL
certificate has now been replaced with the new certificate from the dummy
site.
- You may safely delete the entire dummy site.
Troubleshooting/Testing
To verify that your certificate is installed correctly, use the GeoTrust
Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server.
Use the https protocol directive. For example, if your
SSL was issued to secure.mysite.com, enter https://secure.mysite.com into
your browser.
Your browser's padlock icon will be displayed in the locked position if your certificate
is installed correctly and the server is properly configured for SSL.
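The expiration-date and Common Name checks from the steps above can also be scripted. The following is an added example, not part of the original GeoTrust instructions; the function names and both sample certificates are constructed for illustration, with the certificates shaped like the dictionaries Python's ssl module returns from getpeercert().

```python
import socket
import ssl

def common_name(cert):
    """Return the subject CN from a dict shaped like SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def check_renewal(old_cert, new_cert, now):
    """Return a list of problems; an empty list means the swap looks right."""
    problems = []
    old_cn, new_cn = common_name(old_cert), common_name(new_cert)
    # The renewal CSR must carry the same Common Name as the real site.
    if old_cn is None or new_cn is None or old_cn.lower() != new_cn.lower():
        problems.append("Common Name changed: %r -> %r" % (old_cn, new_cn))
    old_end = ssl.cert_time_to_seconds(old_cert["notAfter"])
    new_start = ssl.cert_time_to_seconds(new_cert["notBefore"])
    new_end = ssl.cert_time_to_seconds(new_cert["notAfter"])
    # If the expiration date did not move forward, the old certificate
    # is still bound to the site (wrong entry picked in the wizard list).
    if new_end <= old_end:
        problems.append("server still presents the old expiration date")
    if not new_start <= now < new_end:
        problems.append("certificate is not valid at the time of the check")
    return problems

def fetch_cert(host, port=443):
    """Fetch the certificate a live site presents (needs network access).
    A current Python may refuse servers that offer only legacy protocols."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data: the expiring certificate and its replacement.
OLD = {"subject": ((("commonName", "secure.mydomain.com"),),),
       "notBefore": "Dec 31 00:00:00 2009 GMT",
       "notAfter": "Dec 31 23:59:59 2010 GMT"}
NEW = {"subject": ((("commonName", "secure.mydomain.com"),),),
       "notBefore": "Dec 10 00:00:00 2010 GMT",
       "notAfter": "Dec 31 23:59:59 2011 GMT"}
NOW = ssl.cert_time_to_seconds("Dec 15 12:00:00 2010 GMT")

if __name__ == "__main__":
    print(check_renewal(OLD, NEW, NOW) or "renewal looks correct")
```

Save the output of fetch_cert() before the swap as the old certificate and call it again afterwards to get the new one.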
CSR Legend
When generating your CSR you will be asked to input
a few pieces of information. Below are some common fields with descriptions and examples.
(Also see About the CSR.)
Common Name (CN)
The fully qualified domain name for your certificate. Examples include:
- www.domain.com
- owa.domain.net
- secure.domain.ca
- *.domain.com (for wildcard SSL)
Organization (O)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated. Example: Georgia
Country (C)
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two letters)
Email
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: user@example.com
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.