Renewing SSL certificates

Posted on 2007-10-20
Last Modified: 2012-06-21
I would like to apologize in advance; I am new at this. We have Verisign SSL certificates and are changing to RSA. Because we are changing providers I did not think doing a normal renew in IIS was the correct method. I obviously don't know for sure.
Ok, the problem is on a production site that already has a cert. I don't want to disturb a production site to start the cert request process. But, when I go into IIS, since I have a valid cert, I do not see the option I want to see (I think it says create cert).
So anyway what I did last time to prevent disruption is exported the certs (mmc certificates) to a file but I don't remember details of file extension. Deleted the cert in IIS. Then I saw the option I wanted to see to start the cert request process. Got the text file / private key text whatever it is. Then I cancelled out the install pending request so I could import in the live production cert again so the site was actually only without SSL for 5 minutes.
OK, the problem. Clearing out the install pending request so I could re-import my current cert while I was waiting for my renewed cert apparently wipes out my private key. Meaning when I finally get the renewed cert, renew/replace in IIS and then view the cert, everything looks OK except I do not see the private key at the very bottom and SSL is not working. Meaning http is fine but https prompts.
Can someone point out some of the things I am doing incorrectly or share your experiences on how to do this the correct way?
Thanks in advance.
Question by:xsound
2 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 20121159
Did you export your certificate private key to the file before deleting the certificate? You should have selected some extra options when exporting to do that. If you didn't, the private key is probably lost and it will not work until you get the new certificate.

The renewal and installation of new certificates can be done in IIS manager -> Web site properties -> Directory security -> Server certificate. You should be able to click that even when you have a certificate installed.
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 2000 total points
ID: 20447671
The easy way is to create a new web site.

Use it to generate the new certificate request and bind the certificate to the private key when you get it.

Then all you have to do is assign the new certificate to the old site.

You can also recover from deleting the pending request using CertUtil:

    How to install a server certificate after a pending request has been deleted in IIS 5.0
    http://support.microsoft.com/kb/329508/en-us

The article says IIS 5.0 but works just as well on IIS 6.0.

Dave Dietz
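
Added example (not part of the answers above or of the KB article): a PowerShell check for the symptom described in the question, a certificate in the machine store with no private key attached, followed by a repair attempt with `certutil -repairstore`. The thumbprint is a placeholder and the two function names are made up for this example.

```powershell
# Added example, not from the thread. Run elevated on the web server.
# $Thumbprint is a placeholder: pass the thumbprint of the newly issued cert.
param([string]$Thumbprint = '<THUMBPRINT-OF-NEW-CERT>')

# Hypothetical helper: report key status for every certificate in the
# machine "Personal" store, which is where IIS looks for server certificates.
function Get-ServerCertKeyStatus {
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey   # $false = the symptom in the question
        }
    }
}

# Hypothetical helper: try to re-link a key-less certificate to its private key.
function Repair-ServerCertKey {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $path = "Cert:\LocalMachine\My\$Thumbprint"
    $cert = Get-Item -Path $path -ErrorAction Stop
    if ($cert.HasPrivateKey) { return $true }      # nothing to repair

    # -repairstore searches the machine key containers for the key that
    # matches the certificate's public key and restores the association.
    & certutil.exe -repairstore my $Thumbprint | Out-Host
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil exited with code $LASTEXITCODE; no matching key was linked."
        return $false
    }
    # Re-read from the store so the result reflects the repaired state.
    return (Get-Item -Path $path).HasPrivateKey
}

Get-ServerCertKeyStatus | Format-Table -AutoSize

if ($Thumbprint -notlike '<*') {
    if (Repair-ServerCertKey -Thumbprint $Thumbprint) {
        Write-Host "Certificate $Thumbprint has a private key and can be assigned in IIS."
    } else {
        Write-Host "Private key not found on this server; restore it from a .pfx backup or generate a new request."
    }
}
```

The repair can succeed only while the key generated with the original request is still present in the server's key store.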