How to Renew an SSL/TLS certificate on IIS
Article Number: 000070652
This article contains instructions for the versions of IIS listed below:
IIS 5 or 6
1. Create a new CSR.
2. Complete the pending request.
3. Go to your “Default Web Site” and right-click on EDIT Bindings. Click ADD and select the new certificate from the drop-down list.
This process allows you to renew your expiring SSL certificate on IIS without experiencing any downtime on your website. By following these steps, you will be able to maximize your uptime and the overall security of your site:
1. On your Windows server, open the Internet Information Services (IIS) Manager. Click Start > Programs > Administrative Tools > Internet Information Services Manager.
2. Create a temporary site in IIS. Right-click on the main server node (local computer) and click New > Web Site. You can call it anything you want (for example, temporarysite). You will delete the temporary site later so the setup details are not important.
3. Generate a Certificate Signing Request (CSR) for the dummy site.The Common Name (Example: www.yourcompany.com) in the new CSR must be the same as your real site.
For example, if the certificate you’re trying to renew is for secure.yourcompany.com then the Common Name in the CSR for the dummy site will also need to be secure.yourcompany.com. To generate the CSR, refer to the article: Creating a Certificate Signing Request.
4. In the AffirmTrust SSL Portal, use the CSR that you created to reissue the certificate.
5. AffirmTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
6. Return to the Directory Security tab of your temporary site and select Server Certificate. Then select Process the pending request and install the certificate and click Next.
7. Locate the yourdomain.cer file when prompted to locate your web server certificate and click Next.
8. On the summary screen, check the expiration data to ensure that you are processing the correct certificate and click Next.
9. On the confirmation screen, click Next and then Finish. The SSL certificate is now installed on the temporary site. Next, you will transfer it to the real site.
10. Right-click your real website and click Properties.
11. On the Directory Security, under Secure communications, click Server Certificate.
12. In the Welcome to the Web Server Certificate Wizard window, click Next.
13. Select Replace the current certificate and click Next.
14. You will be asked to select your SSL certificate from a list of installed certificates. Ensure you select the new certificate from the list.
15. On the summary screen, check the expiration data to ensure that you are processing the correct certificate. Click Next.
16. On the confirmation screen, click Next and then Finish. Your old SSL certificate has now been replaced with the new certificate from the temporary site. You may safely delete the entire temporary site.
If you have any questions or concerns please contact the AffirmTrust support department for further assistance:
Support Hours of Operation:
Sunday 8PM ET to Friday 8PM ET