Renewing an IIS 7 SSL Certificate

If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 7, you will need to perform some simple tasks from your IIS 7 web server before placing an order to renew your expring SSL certificatate.

Generate Renewal Certificate Request File (CSR)

1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
2. In the IIS Manager, select the main server node on the top left under Connections
3. In the Features pane (the middle pane), double-click the Server Certificates option located under the IIS or Security heading (depending on your current group-by view).
4. You will be presented with a list of SSL Server Certificates currently installed. Select and highlight the expiring certificate that you want to renew. Check the certificate's Expiry Date to make sure you have selected the correct one. The certificate's Issued By field should say Equifax or GeoTrust.
5. From the Actions pane on the right, select Renew . From the Renew an existing certificate dialog box choose the second option, Create a renewal certificate request. Click Next.
6. Specify a file name for the renewal certificate request. It doesn't matter what you call it or where you save it as long as you know where to find it. You'll need it in the next step. We recommend calling it certreq.txt.
7. Click Finish to complete the certificate request (CSR) wizard.
8. Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the relevant box during the online order process.
   
   

Renewal Certificate Installation

1. Your SSL server certificate will be sent to you by email. The email message includes the server certificate that you purchased in the body of the email message. It will be labled "Server Certificate (public key)". It is also downloadable from your SSL Manager account (recommended). Copy the certificate from the body of the email and paste it into a simple text editor, such as Vi or Notepad (do not use MS Word).
   
   
2. Save this as yourdomain.cer on your desktop or other location. What you name this file is not important, only that you can find it a moment.
3. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
4. In the IIS Manager, select the main server node on the top left under Connections
5. In the Features pane (the middle pane), double-click the Server Certificates option located under the IIS or Security heading (depending on your current group-by view).
6. You will be presented with a list of SSL Server Certificates currently installed. Select and highlight the expiring certificate that you want to renew. Check the certificate's Expiry Date to make sure you have selected the right one. The certificate's Issued By field should say Equifax or GeoTrust.
7. From the Actions pane on the right, select Renew . From the Renew an existing certificate dialog box choose the third option, Complete certificate renewal request. Click Next
8. From the Specify Certification Authority Response dialog box, browse to the renewal certifiate file you saved in step 2 of this section, yourdomain.cer. Click Finish.
9. It may take a few seconds, but if the installation was successful you will presented with a list of SSL Server Certificates currently installed. Select and highlight the certificate that you just renewed. Check the certificate's Expiry Date to make sure it has updated to the new date.
10. Test the install by selecting the web site under the Web Sites folder on the left-hand Connections pane (usually listed as the Default web site). Then from the right-hand Actions pane select Browse *.443 (https) under the Browse Web Site section.