Login Signup Buy SSL Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Renewing an IIS 5 or IIS 6 SSL Certificate

If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 6, you will first need login to your IIS server to complete some pre-renewal steps to generate a renewal Certificate Signing Request (CSR).

  1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
  2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
  3. Right-click the Web site for which you want to renew the SSL certificate on (ususally the Default web site), and then click Properties.
  4. On the Directory Security tab, under Secure communications, click Server Certificate.
  5. Click Next in the Welcome to the Web Server Certificate Wizard window.
  6. Select Renew the current certificate, Click Next. Note that doing this will not affect your current live certificate. It will continue to work as before.

    IIS Certificate Wizard

  7. Select Prepare the request now, but send it later.
  8. Enter a path and file name for the certificate request file (CSR). The path you provide is where the IIS wizard will save the CSR as a text file. The default path will be c:\certreq.txt . You'll need to be able to find and open this file in a text editor, such as Notepad.
  9. Verify the contents of your request and then click Next.
  10. At the Completing the Web Server screen, select Finish.
  11. Now open a text editor such as Notepad and open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file into the relevant box during the purchase process.

    Open CSR in Notpad
  12. GeoTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
  13. Return to the Directory Security tab of your site and click Server Certificate and select Process the pending request and install the certificate. Click Next.
  14. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
  15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
  16. Click Next and then Finish on the confirmation screen. Your SSL certificate has now been renewed.

Verify Installation

New To verify if your certificate is installed correctly, use our Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

CSR Legend

When generating your CSR you will be asked to input a few pieces of info. Below are some common fields with descriptions and examples. (also see About the CSR)

Common Name (CN)

The fully-qualified-domain name for your certificate. Examples include...

  • www.domain.com
  • owa.domain.net
  • secure.domain.ca
  • *.domain.com (for wildcard SSL)

Organization (O)

The exact legal name of your organization. Do not abbreviate your organization's name. Example: Metro Realty LLC or Flowers by Jenny

Organizational Unit (OU)

The section or division of the organization. Example: Sales, Support, Customer Service

City or Locality (L)

The city where your organization is legally located. Cannot be abbreviated. Example: Atlanta

State (S) or Province

The state or province where your organization is legally located. Cannot be abbreviated.. Example: Georgia

Country (C)

The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)


Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. Example: user@example.com

Key Bit Length

The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.

Our Customers

  (see more)
Our customers
Symantec SSL Platinum Partner