Renewing SSL certificates

Posted on 2007-10-20
Last Modified: 2012-06-21
I would like to apologize in advance; I am new at this. We have Verisign SSL certificates and are changing to RSA. Because we are changing providers, I did not think doing a normal renew in IIS was the correct method. I obviously don't know for sure.
OK, the problem is on a production site that already has a cert. I don't want to disturb a production site to start the cert request process. But when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway, what I did last time to prevent disruption was export the certs (mmc certificates) to a file, but I don't remember the details of the file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text, whatever it is. Then I cancelled out the install pending request so I could import the live production cert again, so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in IIS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share your experiences on how to do this the correct way?
Thanks in advance.
Question by:xsound
    LVL 16

    Expert Comment

    Did you export your certificate private key to the file before deleting the certificate? You should have selected some extra options when exporting to do that. If you didn't, the private key is probably lost and it will not work until you get the new certificate.

    The renewal and installation of new certificates can be done in IIS manager -> Web site properties -> Directory security -> Server certificate. You should be able to click that even when you have a certificate installed.
    LVL 34

    Accepted Solution

    The easy way is to create a new web site.

    Use it to generate the new certificate request and bind the certificate to the private key when you get it.

    Then all you have to do is assign the new certificate to the old site.

    You can also recover from deleting the pending request using CertUtil:

        How to install a server certificate after a pending request has been deleted in IIS 5.0

    The article says IIS 5.0 but works just as well on IIS 6.0.

    Dave Dietz
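
The symptom in the question (certificate installed, but no private key shown) and the CertUtil recovery mentioned in the accepted answer can be checked and attempted from PowerShell. This is an added example, not code from the thread or the linked article; the function name `Repair-CertKeyLink` and the thumbprint placeholder are hypothetical, and it assumes the CertUtil step meant is the `-repairstore` verb.

```powershell
# Added example. Run in an elevated PowerShell session on the web server.
function Repair-CertKeyLink {
    param(
        # Thumbprint of the newly installed certificate (placeholder, not from the thread)
        [string]$Thumbprint = '<THUMBPRINT-OF-NEW-CERT>'
    )

    # Normalise: the certificate dialog shows the thumbprint with spaces.
    $id = ($Thumbprint -replace '\s', '').ToUpper()

    # 1. Show every certificate in the computer's Personal store and whether
    #    Windows has a private key linked to it. A server certificate with
    #    HasPrivateKey = False cannot be used for https.
    $certs = Get-ChildItem Cert:\LocalMachine\My
    $certs | Select-Object Subject, NotAfter, Thumbprint, HasPrivateKey |
        Format-Table -AutoSize | Out-Host

    $target = $certs | Where-Object { $_.Thumbprint -eq $id }
    if (-not $target) {
        Write-Warning "No certificate with thumbprint $id in LocalMachine\My."
        return $false
    }
    if ($target.HasPrivateKey) {
        Write-Host "Private key is already linked; nothing to repair."
        return $true
    }

    # 2. Ask certutil to re-link the certificate to its key pair. This only
    #    succeeds if the key generated with the original request still exists
    #    on this machine; deleting the pending request in IIS removes the
    #    request entry, not necessarily the key container.
    & certutil.exe -repairstore my $id | Out-Host
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil exited with code $LASTEXITCODE."
    }

    # 3. Re-read the store and report the result.
    $after = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $id }
    if ($after.HasPrivateKey) {
        Write-Host "Key re-linked. Assign the certificate to the site in IIS."
        return $true
    }
    Write-Warning "Still no private key: generate a new request and have the certificate reissued."
    return $false
}
```

If the function returns `$false`, the key pair is not on this server, and the only fix is a new request and a reissued certificate, as the first comment says.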
