How do I renew a certificate on Microsoft IIS 7?

Problem

How do I renew a certificate on Microsoft IIS 7?

Resolution

Previously in Internet Information Services (IIS) 6, you could easily renew an already installed certificate.  Doing this renew option kept all the same details in the certificate and created a new CSR.

In IIS 7, Microsoft has changed this renew option to issue a PKCS#7 formatted CSR that isn't recognized as a valid by many CSR decoders and CA applications.  As a result of this, when a certificate needs to be renewed within IIS 7, it must be done by creating a new certificate request rather than by renewing the existing certificate. 

Below are the steps for creating a new CSR.

  1. First, you must open IIS 7.
    1. Click on Start.
    2. Go to Administrative Tools.
    3. Click on Internet Information Services (IIS) Manager from the list.
  2. In the Internet Information Services (IIS) Manager window, click on the your server in the Connections pane on the left.
  3. In the middle pane, double-click on the Server Certificates Icon.
  4. In the Actions pane to the right, click on the Create Certificate Request... link.
  5. In the Request Certificate window, enter in the appropriate information into each field.  Use the guide below to help you.
    Common Name: This will be the Common Name on the certificate.  The Common Name is the Host + Domain Name.  It looks like “secure.example.com” or “example.com”.

    Organization: The legal name of your organization.

    Organizational Unit: This field is the name of the department or other group making the request.

    City/Locality: The locality field is the city or town name, for example: Hamilton or Stamford.

    State/Province: Spell out the state completely; do not abbreviate the parish, state or province name, for example: Pembroke of Connecticut.

    Country/region:
    Use the two-letter code of your country without punctuation, for example: BM or UK or CH.

  6. Once you have finished entering in the required information, click on the Next button.
  7. Leave the Cryptographic server provider: as default (Microsoft RSA SChannel Cryptographic Provider).
  8. Select a Bit length of 2048 bit or higher.  Click on the Next button.
  9. At the File Name screen, click on the ... button and specify a location to save the CSR.  After saving the CSR, click on the Finish button.
  10. Browse to the location where you saved your CSR, open it and submit it to QuoVadis.

Add Feedback