1

Originally asked at https://stackoverflow.com/questions/1462009/renew-a-ssl-cert-on-iis6

My manager ordered a new wildcard cert for our website as our current one is expiring in a few days. Now I am stuck, as I cannot figure out how to install it. It is a cert from GoDaddy.com. I have downloaded it to my server. Upon unzipping it I have a PB7 file (intermediate cert) and a CRT file.

I open IIS6, click Properties on the website I want to update (it already has the old SSL Cert on it). Click on the Directory Security tab then the Server Certificate... button.

Now, I am presented with the following options:

* Renew the current certificate - was done manually through GoDaddy and no pending renewal was ever issued.
* Remove the current certificate - does not sound right for us.
* Replace the current certificate - possible...
* Export the current certificate to a .pfx file
* Copy or move the current certificate to a remote server site

Now, when I choose the REPLACE option it presents me with a dialog of already installed certs!!! My new one is not in there.

What the heck do I do? Google/Bing is being of no help to me right now.


NOTE: I have since been on the phone with GoDaddy support. Working on a test server, the only way we could figure this out was to remove the old cert, then generate a request, rekey the cert on GoDaddy, download and install via IIS6. Is there not a way to do this without dropping SSL on a production server?

Keith Barrows

1 Answer

2

This turns out to be a conflict between our current cert (1024 bit) and GoDaddy's new policies for certs (>= 2048 bit). The CSR that was being generated by IIS6 during a renew wizard was wrong. We ended up having to delete the old cert then request a new cert via the CSR process. All installed now but created a new error for our end users. (See Peer's Certificate has been revoked).

Keith Barrows
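The answer traces the failure to a 1024-bit key in the request when the CA requires at least 2048 bits. The following is an added example, not part of the original post: it reads the RSA key size out of a PEM certificate request so the mismatch can be caught before the request is submitted. All function names are assumptions, and the sample request is constructed, unsigned and carries a dummy modulus.

```python
import base64, re

MIN_RSA_BITS = 2048                            # CA minimum named in the answer
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption

def tlv(buf, pos):
    """Decode one DER element at pos: (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def kids(buf, start, end):                     # elements inside a constructed value
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def csr_rsa_bits(pem):
    """RSA modulus size, in bits, of a PEM PKCS#10 request."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    info = kids(der, *tlv(der, 0)[1:])[0]      # certificationRequestInfo
    spki = kids(der, *info[1:])[2]             # after version and subject
    alg, key = kids(der, *spki[1:])
    oid = kids(der, *alg[1:])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("not an RSA key")
    mod = kids(der, *tlv(der, key[1] + 1)[1:])[0]   # skip BIT STRING pad byte
    return int.from_bytes(der[mod[1]:mod[2]], "big").bit_length()

def meets_minimum(pem):
    return csr_rsa_bits(pem) >= MIN_RSA_BITS

def enc(tag, body):                            # DER encoder for the sample only
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_csr(bits):  # constructed, unsigned, CSR-shaped PEM with a dummy modulus
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = enc(0x30, enc(0x02, n) + enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, enc(0x06, RSA_OID) + enc(0x05, b"")) + enc(0x03, b"\x00" + key))
    info = enc(0x30, enc(0x02, b"\x00") + enc(0x30, b"") + spki + enc(0xA0, b""))
    der = enc(0x30, info + enc(0x30, b"") + enc(0x03, b"\x00"))
    return f"-----BEGIN NEW CERTIFICATE REQUEST-----\n{base64.encodebytes(der).decode()}-----END NEW CERTIFICATE REQUEST-----\n"
```

Passing the text of the request file produced by the IIS wizard to `meets_minimum` returns `False` for a 1024-bit request, which is the condition the answer describes.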