Renewing an IIS 7 SSL Certificate
If you are renewing your GeoTrust SSL certificate running on Microsoft
Internet Information Services (IIS) 7, you will need to perform some simple tasks from
your IIS 7 web server before placing an order to renew your expring
Generate Renewal Certificate Request File (CSR)
- Open the Internet Information Services (IIS) Manager.
From the Start button select Programs >
Administrative Tools > Internet
Information Services Manager.
- In the IIS Manager, select the main server node on the top left under Connections
- In the Features pane (the middle pane), double-click the Server
Certificates option located under the IIS or Security heading
(depending on your current group-by view).
URGENT!! There is a known bug in IIS7 when using the "Renew"
link to renew your SSL certificate. Please do not use the "Renew" link.
From the Actions pane on the top right, select Create Certificate Request (DO NOT SELECT THE RENEW LINK).
The Distinguished Name Properties dialog box opens.
You will be asked for several pieces of info which will be used by GeoTrust to create
your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization,
country, key bit length, etc. Use the CSR Legend in the right-hand column of this page
to guide you when asked for this information. The following characters should not
be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
- THIS IS THE MOST IMPORTANT STEP! Enter
your site's Common Name. The Common Name is the fully-qualified-domain
name for your web site or mail server. What ever your end-user will
see in their browser's address bar is what you should put in here.
Do not include http:// nor https://. Refer to the CSR legend in
the right-hand column of this page for examples. If this is wrong, your certificate will not work
- Enter your Organization (e.g., Gotham Books Inc) and
Organizational Unit (e.g., Internet Sales). Click Next.
- Enter the rest of the fields using the CSR Legend on the right right-hand
column of this page for guidance and examples.
- Click Next to continue.
- The next screen of the wizard asks you to choose cryptography options. The
default Microsoft RSA SChannel Cryptography Provider is fine and a key bit-length
- Click Next to continue.
- Finally, specify a file name for the certificate request. It doesn't
matter what you call it or where you save it as long as you know where to find
it. You'll need it in the next step. We recommend calling it
- Click Finish to complete the certificate request (CSR) Wizard.
Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just
c:\certreq.txt (your path/filename may be different).
You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the
relevant box during the online order process.
When you get your certificate back refer to the certificate Installation instructions
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
(also see About the CSR)
Common Name (CN)
The fully-qualified-domain name for your certificate. Examples include...
- *.domain.com (for wildcard SSL)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated.. Example: Georgia
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: email@example.com
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.