IIS 7 SSL Certificate CSR Creation

Easy IIS 7 SSL Certificate Renewal using DigiCert Utility

For a very simple way of renewing your certificate for IIS 7 please see the SSL Cert Renew Util for IIS 7 page. This guides you through creating a new CSR, installing the certificate, and much much more.

How to Generate an SSL Certificate Renewal CSR in Microsoft IIS 7

Best practices are to generate a new certificate signing request (CSR) when renewing your SSL certificate.

  1. Open the IIS Manager by going to Start > Administrative Tools > Internet Information Services (IIS) Manager.

  2. Under Connections click your server's Hostname.

  3. In the center window pane, scroll down to and Double-Click the Server Certificates icon.

  4. On the right window pane under Actions click the link to Create Certificate Request....

  5. Enter the following information in the "Distinguished Name Properties" and click Next:

    Common Name - Typically the domain (e.g. www.yourdomain.com) computers will connect to this server with.
    Organization -    Your organization's or company's legally registered name (e.g. Your Company, LLC; Your Company, Inc.)
    Organizational unit - Your organization's department name (If you don't know what to put just enter 'IT').
    City/locality -     The city/municipality where your organization is located.
    State/province - The state where your organization is located.
    Country/region - Your country's abbreviated two letter country code.

  6. Choose Microsoft RSA SChannel and 2048 and then click Next.

  7. Save your CSR file to a location. Then open this file in in Wordpad, hit (Ctrl+A) and (Ctrl+V) to select all and copy the contents to the clipboard.

Renew Your SSL Certificate

Renew your SSL certificate from inside your DigiCert CertCentral account.

Are you new to the DigiCert team? You can "replace" your certificate with a DigiCert certificate. Order your new certificate here - Purchase Your DigiCert Certificate.

  1. Log into your CertCentral account.

  2. In CertCentral, in the left main menu, click Certificates > Expiring Certificates.

  3. On the Expiring Certificates page, next to the certificate you want to renew, click Renew Now.

    A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.

  4. Follow the instructions provided inside your account to renew your SSL certificate.

  5. Add your CSR

    When renewing the certificate, you'll need to include a CSR. On the "Renewal" page, under Certificate Settings, upload the CSR file you saved to the server.

    You can also use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in the Add Your CSR box.

  6. After you place the order to renew your certificate, DigiCert verifies your information.

  7. If we need any additional information, we will promptly contact you by phone or email. If no additional information is required, we will most likely issue your certificate within an hour.

Installation Instructions to Renew your Windows 2008 Server SSL Certificate

  1. Save your certificate file to the IIS server that the CSR request was generated from.

  2. Open the IIS Manager and on the left side click on your server's name, and in the center window pane scroll down to Server Certificates and open it.

  3. Now under Actions pane click to Complete Certificate Request...

  4. Click ... to browse to the .CER certificate file DigiCert sent you, and give the certificate a Friendly Name to help you refer to this certificate by in the future and click Ok.

    Note: You may receive the following error messages when installing the certificates:
    "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." "ASN1 bad tag value met".

    If you created the CSR (AKA pending request) for the certificate you are installing you can ignore this error, close the dialog box and hit the "F5" key to update the list of available installed certificates.
    If you can see your certificte with the friendly name you just assigned, click to go to the next step.
    If your certificate isn't listed please contact DigiCert support for assistance.

  5. Under the Connections window pane, expand your server's computer name, then click the Site that you want to enable SSL on.

  6. In the Actions menu click Bindings... then select the binding for https and click 'Edit'.

  7. In the 'SSL certificate:' drop-down menu select your newly-installed SSL Certificate by it's friendly name, and click Ok.

  8. Your new SSL Certificate should now be installed to your server. IIS 7 Host Headers.

For help with your cert installation or troubleshooting, try our new Windows SSL management tool.

Test Your Installation

If your web site is publicly accessible, our SSL Cert Tester tool can help you diagnose common problems.

SSL Certificates :: Microsoft Internet Information Server 7

How to install your SSL Digital Certificate to Windows Server 2008.

IIS 7 SSL Certificates, Guides, & Tutorials

Buy Now Learn More