Renewing an IIS 5 or IIS 6 SSL Certificate

If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 5 or 6, you will need to use the Renew the Current Certificate option in the IIS Certificate Wizard. The wizard will generate a new Certificate Signing Request (CSR) for you. Once you have the renewal CSR you should copy and paste it into the appropriate box during the renewal process on this site.

Important: Microsoft IIS 5 shipped with a limitation on the types of SSL certificates that it can renew. GeoTrust SSL certificates come in one of two types: QuickSSL or True BusinessID. Depending on which SSL certificate type you are renewing, you may or may not be able use the Renew the Current Certificate option in the Server Certificate wizard within IIS. If you don't know what type of GeoTrust SSL certificate you currently have, please contact us and we'll be happy to assist you.

Please refer the table below to determine if you can use the Renew the Current Certificate option in IIS. Basically, if you have a QuickSSL or QuickSSL Premium certificate and it's currently hosted on an IIS 5 machine (Windows 2000) you must follow the part B work-around instructions below to renew your SSL certificate. All others can use the part A instructions.

We have two sets of instructions:

• A. Users who can use the Renew Certificate option in IIS
• B. Users who cannot use the Renew Certificate option in IIS

A. Instructions for users who can use the Renew Certificate option in IIS:

1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
3. Right-click the Web site for which you want to renew the SSL certificate on, and then click Properties.
4. On the Directory Security, under Secure communications, click Server Certificate.
5. Click Next in the Welcome to the Web Server Certificate Wizard window.
6. Select Renew the current certificate, Click Next.

   

7. Select Prepare the request now, but send it later.
8. Enter a path and file name for the certificate request file (CSR). The path you provide is where the IIS wizard will save the CSR as a simple text file. The default path will be c:\certreq.txt . You'll need to be able to find and open this file in a text editor, such as Notepad.
9. Verify the contents of your request and then click Next.
10. At the Completing the Web Server screen, select Finish.
11. Now open a text editor such as Notepad and open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file into the relevant box during the purchase process.
    
    
12. GeoTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
13. Return to the Directory Security tab of your site and click Server Certificate and select Process the pending request and install the certificate. Click Next.
14. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
16. Click Next and then Finish on the confirmation screen. Your SSL certificate has now been renewed.

B. Instructions for users who can't use the Renew Certificate option in IIS:

Overview: this is a work-around that will allow you to renew your expiring SSL certificate on IIS 5 machine without losing any uptime on your secure site. We are going to first create a dummy site in IIS 5, request a certificate for the dummy site, install a new certificate on the dummy site, and then replace the expiring certificate on your real site with the new certificate on the dummy site. Relax, it's easier than you think.

1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
2. You will first need to create create dummy site (a temporary site) in IIS. Right-click on the main server node (local computer) and select New > Web Site. You can call it tempsite. You'll be deleting this site later so you don't need to worry too much with the details of setting it up.
3. Once you have the temporary site setup you will need to generate a Certificate Signing Request (CSR) for the dummy site. The Common Name (e.g., www.mysite.com) in the new CSR must be the same as your real site. For example, if the certificate you're trying to renew is for 'secure.mydomain.com' then the Common Name in the CSR for the dummy site will also need to be 'secure.mydomain.com'. To generate the CSR follow these instructions.
4. Once you have a CSR for the dummy site you can place a renewal order using that CSR.
5. GeoTrust will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
6. Return to the Directory Security tab of your dummy site (not your real site) and click Server Certificate and select Process the pending request and install the certificate. Click Next.
7. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
8. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
9. Click Next and then Finish on the confirmation screen. The SSL certificate has now been installed on the dummy site and now we have to transfer it to the real site.
10. Right-click your real web site and then click Properties.
11. On the Directory Security, under Secure communications, click Server Certificate.
12. Click Next in the Welcome to the Web Server Certificate Wizard window.
13. Select Replace the current certificate, Click Next.

    

14. You will be asked to select your SSL certificate from a list of installed certificates. Ensure you select the new certificate from the list.
15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
16. Click Next and then Finish on the confirmation screen. Your old SSL certificate has now been replaced with the new certificate from the dummy site.
17. You may safely delete the entire dummy site.