Login Signup Buy Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Heartbleed Urgent Service Notice!


Renewing an IIS 7 SSL Certificate

If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 7, you will need to perform some simple tasks from your IIS 7 web server before placing an order to renew your expring SSL certificatate.


Generate Renewal Certificate Request File (CSR)

  1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
  2. In the IIS Manager, select the main server node on the top left under Connections
  3. In the Features pane (the middle pane), double-click the Server Certificates option located under the IIS or Security heading (depending on your current group-by view).
  4. URGENT!! There is a known bug in IIS7 when using the "Renew" link to renew your SSL certificate. Please do not use the "Renew" link.

    From the Actions pane on the top right, select Create Certificate Request (DO NOT SELECT THE RENEW LINK). The Distinguished Name Properties dialog box opens.
    . Iis_7_do_not_renew
  5. You will be asked for several pieces of info which will be used by GeoTrust to create your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
  6. THIS IS THE MOST IMPORTANT STEP! Enter your site's Common Name. The Common Name is the fully-qualified-domain name for your web site or mail server. What ever your end-user will see in their browser's address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR legend in the right-hand column of this page for examples. If this is wrong, your certificate will not work properly.
  7. Enter your Organization (e.g., Gotham Books Inc) and Organizational Unit (e.g., Internet Sales). Click Next.
  8. Enter the rest of the fields using the CSR Legend on the right right-hand column of this page for guidance and examples.
  9. Click Next to continue.
  10. The next screen of the wizard asks you to choose cryptography options. The default Microsoft RSA SChannel Cryptography Provider is fine and a key bit-length of 2048.
  11. Click Next to continue.
  12. Finally, specify a file name for the certificate request. It doesn't matter what you call it or where you save it as long as you know where to find it. You'll need it in the next step. We recommend calling it certreq.txt.
  13. Click Finish to complete the certificate request (CSR) Wizard.
  14. Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the relevant box during the online order process.

    Open CSR in Notepad

When you get your certificate back refer to the certificate Installation instructions

CSR Legend

When generating your CSR you will be asked to input a few pieces of info. Below are some common fields with descriptions and examples. (also see About the CSR)

Common Name (CN)

The fully-qualified-domain name for your certificate. Examples include...

  • www.domain.com
  • owa.domain.net
  • secure.domain.ca
  • *.domain.com (for wildcard SSL)

Organization (O)

The exact legal name of your organization. Do not abbreviate your organization's name. Example: Metro Realty LLC or Flowers by Jenny

Organizational Unit (OU)

The section or division of the organization. Example: Sales, Support, Customer Service

City or Locality (L)

The city where your organization is legally located. Cannot be abbreviated. Example: Atlanta

State (S) or Province

The state or province where your organization is legally located. Cannot be abbreviated.. Example: Georgia

Country (C)

The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)

Email

Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. Example: user@example.com

Key Bit Length

The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.

Our Customers

  (see more)
Our customers
Symantec SSL Platinum Partner