Renewing an IIS 5 or IIS 6 SSL Certificate
If you are renewing your GeoTrust SSL certificate running on Microsoft
Internet Information Services (IIS) 6, you will first need login to your IIS server
to complete some pre-renewal steps to generate a renewal Certificate Signing Request (CSR).
- Open the Internet Information Services (IIS) Manager.
From the Start button select Programs >
Administrative Tools > Internet
Information Services Manager.
- In IIS Manager, double-click the local computer, and then double-click
the Web Sites folder.
- Right-click the Web site for which you want to renew the SSL certificate
on (ususally the Default web site), and then click Properties.
- On the Directory Security tab, under Secure communications,
click Server Certificate.
- Click Next in the Welcome to the Web Server
Certificate Wizard window.
- Select Renew the current certificate,
Click Next. Note that doing this will not affect your current
live certificate. It will continue to work as before.
- Select Prepare the request now, but send it later.
- Enter a path and file name for the certificate request file (CSR).
The path you provide is where the IIS wizard will save the CSR as a
text file. The default path will be
c:\certreq.txt . You'll need
to be able to find and open this file in a text editor, such as Notepad.
- Verify the contents of your request and then click Next.
- At the Completing the Web Server screen, select Finish.
- Now open a text editor such as Notepad and open the CSR file you just
c:\certreq.txt (your path/filename may be different).
You will need to copy-and-paste the contents of this file into the
relevant box during the purchase process.
- GeoTrust will issue your SSL certificate and return it to you by email.
Copy the certificate into a text editor such as Notepad and save
as yourdomain.cer on your desktop.
- Return to the Directory Security tab of your site and click Server
Certificate and select Process the pending request and install the
certificate. Click Next.
- Locate the yourdomain.cer file when prompted to locate your web server
certificate. Click Next.
- Review the summary screen and ensure that you are processing the correct
certificate (check the expiration date). Click Next.
- Click Next and then Finish on the
confirmation screen. Your SSL certificate has now been renewed.
To verify if your certificate is installed correctly, use our
Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server.
Use the https protocol directive. For example, if your
SSL was issued to secure.mysite.com, enter
Your browser's padlock icon will be displayed in the locked position if your certificate
is installed correctly and the server is properly configured for SSL.
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
(also see About the CSR)
Common Name (CN)
The fully-qualified-domain name for your certificate. Examples include...
- *.domain.com (for wildcard SSL)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated.. Example: Georgia
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: firstname.lastname@example.org
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.