SSL Certificate Renewal Using the DigiCert Utility
Create a new CSR
-
First you'll need to select your expiring SSL Certificate and then click the Create CSR button.
-
Click Yes to import the attributes from the current certificate into the new request.
-
Click Copy CSR.
-
Order your new Certificate by logging into your account, clicking '+' next to your order number, then click Renew and filling out all of the details and pasting your CSR in step 2 of the order process.
Import the Certificate
Once your renewal certificate order has been validated and issued, you will need to copy your certificate file to the server where the CSR was created then run the Certificate Management Tool to import it to your Microsoft Server.
-
Run the Certificate Management Tool (DigiCertUtil.exe).
-
Click the Import button and find your_domain_com.cer, and choose Next.
-
For 'Friendly Name' enter a name that will help you keep track of this certificate after it has been installed and click Finish.
-
After importing the certificate, you will need to follow the instructions to tell your server to use this certificate for securing your website or email connections following the instructions below for your specific server platform:
IIS 5/6 & Exchange 2003, IIS 7, Exchange 2007, Exchange 2010.
Assigning your SSL Certificate on your Server
IIS 5/6 & Exchange 2003
-
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
-
Right click the website the SSL certificate being renewed for and click Properties.
-
Click on the Directory Security tab then click the Server Certificate button.
-
Choose the option to Replace the Existing Certificate and then click Next.
-
Select the certificate you just imported then continue through the wizard until completion.
Your renewed SSL certificate is now installed to the website.
For both IIS 5 > 6 and Exchange 2003 assign the certificate within IIS following these instructions below:
IIS 7
For IIS 7, follow the directions below to replace the current SSL certificate in your HTTPS binding with the one you have just barely imported with the utility.
-
Open the IIS Manager for IIS 7 by going to
Start > Administrative Tools > Internet Information Services (IIS) Manager.
-
On the left side in the Connections pane click and expand to Server > Sites and right-click the website that the certificate is being renewed on. click Bindings to display the Site Bindings window.
-
Click Edit... to open the "Edit Site Binding" window.
-
In the 'SSL Certificate' select the renewed certificate by the friendly name you assigned to it. Then click 'Ok' and Close the Site Bindings Window.
Your new SSL certificate is now installed to the website.
Exchange 2007
-
To open the Exchange management shell click
Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
-
In the DigiCert Utility, right-click your Exchange certificate and choose the option to
Copy thumbprint to clipboard.
-
Enable your certificate for use with Exchange by running the Enable-ExchangeCertificate command (you should omit any services you won't be using).
Enable-ExchangeCertificate -ThumbPrint [right-click and Paste] -Services "SMTP, IMAP, POP, IIS"Your new SSL certificate is now installed to the website.
Exchange 2010
-
Start the Exchange Management Console by clicking
Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
-
In the middle pane click the link to Manage Databases. Then on the left click Server Configuration.
-
In the Exchange Certificates section, right-click your certificate and click Assign Services to Certificate...
-
Select the services for to enable with your new SSL Certificate then click Next > Assign > Finish.
Your new certificate should now be installed and enabled to secure Microsoft Exchange.
Test your Installation
Go to www.digicert.com/help and enter the DNS name of the site you are securing to test your certificate (e.g. www.yourdomain.com, or mail.yourdomain.com) to verify the installation is correct and the expiration date shows the renewed certificate.