HOME SSL CERTIFICATES Server Certificates All... QuickSSL QuickSSL Premium Power Server ID SSL Unified Communications Certificate True BusinessID SSL Wildcard SSL SSL for OWA X.509 SSL for WSE Extended Validation SSL EV SSL EV SSL Requirements Buying SSL Help Me Decide Understanding SSL Authentication Compare SSL Certificates FAQ Renew Buy Now AUTHORIZE.NET Merchant Account Overview How It Works Merchant Account FAQ Apply Now Resell Merchant Accounts COMPANY About GeoCerts Contact Our Customers Customer Comments Privacy Policy Site Map SUPPORT Support Options Support Overview Contact Support Self Service Reissues Certificate Installation Knowledge Base Archives Cancellations & Refunds RESOURCES Browser Compatibility Mobile Device Compatibility How SSL Works How To Use SSL Root CA Certificates Renewing An IIS Certificate Keytool Manual Pages OpenSSL Manual Pages Legal CSR Request About the CSR Generate CSR GeoTrust Site Seals How Site Seals Work Site Seal Installation BUY NOW SSL Manager Login Create SSL Manager Account Purchase SSL Renew SSL

Renewing an IIS 5 or IIS 6 SSL Certificate

If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 5 or 6, you will need to use the Renew the Current Certificate option in the IIS Certificate Wizard. The wizard will generate a new Certificate Signing Request (CSR) for you. Once you have the renewal CSR you should copy and paste it into the appropriate box during the renewal process on this site.

Important: Microsoft IIS 5 shipped with a limitation on the types of SSL certificates that it can renew. GeoTrust SSL certificates come in one of two types: QuickSSL or True BusinessID. Depending on which SSL certificate type you are renewing, you may or may not be able use the "Renew the Current Certificate" option in the Server Certificate wizard within IIS. If you don't know what type of GeoTrust SSL certificate you currently have, please contact us and we'll be happy to assist you.

Please refer to this table to determine if you can use the "Renew the Current Certificate" option in IIS. If you cannot, there are instructions provided for an easy work-around to this problem.

We have two sets of instructions:

• A. Users who can use the Renew Certificate option in IIS
• B. Users who cannot use the Renew Certificate option in IIS

A. Instructions for users who can use the Renew Certificate option in IIS:

1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
3. Right-click the Web site for which you want to renew the SSL certificate on, and then click Properties.
4. On the Directory Security, under Secure communications, click Server Certificate.
5. Click Next in the Welcome to the Web Server Certificate Wizard window.
6. Select Renew the current certificate, Click Next.

   

7. Select Prepare the request now, but send it later.
8. Enter a path and file name for the certificate request file (CSR). The path you provide is where the IIS wizard will save the CSR as a simple text file. You'll need to be able to find and open this file in a text editor, such as Notepad.
9. Verify the contents of your request and then click Next.
10. At the Completing the Web Server screen, select Finish.

    Important: once the CSR has been generated and saved to the location you specified, do not start the IIS certificate wizard again until your renewal SSL certificate is delivered to you from GeoTrust. Doing so risks losing the pending request that the wizard has set up for you. If this happens the certificate and private key will not match up and you'll have to start over from scratch with a new order.

11. Now open a text editor such as Notepad and open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file into the relevant box during the purchase process.
    
    
12. GeoTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
13. Return to the Directory Security tab of your site and click Server Certificate and select Process the pending request and install the certificate. Click Next.
14. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
16. Click Next and then Finish on the confirmation screen. Your SSL certificate has now been renewed.

B. Instructions for users who cannot use the Renew Certificate option in IIS:

Overview: this is a work-around that will allow you to renew your expiring SSL certificate on IIS 5 machine without losing any uptime on your secure site. We are going to first create a "dummy" site in IIS 5, request a certificate for the dummy site, install a new certificate on the dummy site, and then replace the expiring certificate on your real site with the new certificate on the dummy site. Relax, it's easier than you think.

1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
2. You will first need to create create dummy site (a temporary site) in IIS. Right-click on the main server node (local computer) and select New > Web Site. You can call it tempsite. You'll be deleting this site later so you don't need to worry too much with the details of setting it up.
3. Once you have the temporary site setup you will need to generate a Certificate Signing Request (CSR) for the dummy site. The Common Name (e.g., www.mysite.com) in the new CSR must be the same as your real site. For example, if the certificate you're trying to renew is for 'secure.mydomain.com' then the Common Name in the CSR for the dummy site will also need to be 'secure.mydomain.com'. To generate the CSR follow these instructions.
4. Once you have a CSR for the dummy site you can place a renewal order using that CSR.
5. GeoTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
6. Return to the Directory Security tab of your dummy site (not your real site) and click Server Certificate and select Process the pending request and install the certificate. Click Next.
7. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
8. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
9. Click Next and then Finish on the confirmation screen. The SSL certificate has now been installed on the dummy site and now we have to transfer it to the real site.
10. Right-click your real web site and then click Properties.
11. On the Directory Security, under Secure communications, click Server Certificate.
12. Click Next in the Welcome to the Web Server Certificate Wizard window.
13. Select Replace the current certificate, Click Next.

    

14. You will be asked to select your SSL certificate from a list of installed certificates. Ensure you select the new certificate from the list.
15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
16. Click Next and then Finish on the confirmation screen. Your old SSL certificate has now been replaced with the new certificate from the dummy site.
17. You may safely delete the entire dummy site.

Home | SSL Certificates | GeoAuthorize | Support | Company | Contact Us | Buy Now | Renew | Site Map

Copyright © 2002-2008 GeoCerts | copyright protection by  bitscan™
All registered trade/service marks are property of their respective holders.
*Orders flagged by GeoTrust for a manual security audit may take longer than ten minutes.