switching SSLs in IIS6

Posted on 2009-12-16
Last Modified: 2012-08-13
I am hosting a site on a windows 2k3 standard R2 box with iis6.  this site had an SSL through thawte that expires next month, but I don't want to renew it.  I bought a new SSL from Netsol and was able to generate a CSR for it by temporarily removing the existing certificate, generating the CSR, and then putting the original Certificate back.  When the Certificate was validated and issued, I then followed the instructions on this post: which shows you how to install a Certificate that does not have a pending request in IIS by doing it command line.  

specifically:  certutil -addstore my <name of cert>

that was successful, and I also installed the Root and Intermediate certificates manually as I usually do in the MMC.  

that was fine as well, and when I selected the certificate in the directory security properties of IIS to assign the new Cert to the website, it looks to work great.  when I view the Certificate in there, it looks fine.  However, it doesn't work when you try to access the domain via https://.  it just acts like there is no cert installed and times out.  I have rebooted the server, restarted IIS, and no change.  When i reselect the old Certificate, that one still works great.  

what can I do to get the new Certificate working (without generating a new CSR)?

Question by:one2onelanc
    LVL 15

    Expert Comment

    Hmmm....yeah that's an odd way of doing things.  What you should have done is generate the new cert on a completely seperate website, then export/import it to the existing site.

    Anyways, in this case here is what I would try to do.  Open the Certificates MMC, and locate your new cert under the /Personal store.  Try right clicking and exporting it to a .pfx.  Once you have done that, you can go to your website in IIS, and try replacing the cert that is on there by importing the the .pfx that you just created.

    Author Comment

    Tried that.  Export as a pfx is greyed out.  i can export as the others, but not pfx.  any other thoughts?
    LVL 15

    Accepted Solution

    Then it sounds like when you installed the cert you didn't click the checkbox that says 'mark this key as exportable.'

    Honestlly the quick and easy solution to this is just to re-issue your certificate.  All of the 3rd party SSL providers offer this service, and it's free on all of them that I have seen.  To do this you would need to create a whole new CSR.  I would recommend doing that on a seperate site....create a dummy one if you need to for this purpose.  Install the cert to the dummy site (mark it as exportable), export it to pfx, then import it to your production site.

    Author Comment


    your comment got me thinking..  it didn't give me an option to mark it as exportable because it was command line.  but perhaps one of the command lines didn't succeed 100% as I thought.  so, i removed the certificate from the MMC, redid the command lines, reinstalled it, and then selected it for the domain and now it works great.  I guess it actually failed to install 100% the first time I tried.  

    I much prefer this method to making dummy sites and re-issuing CSRs (which can take a week to be validated).  So I am very happy it worked.  Thanks!

    Author Closing Comment


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
    #SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now