SSL Certificate Renewal for IIS 5 or IIS 6 without Any Downtime

If using the IIS 5/6 user interface to renew your SSL certificate, the best way to renew a certificate without any downtime is to generate a CSR with the desired details for a second website on the same server. The website should not be a publicly accessible site, and you can create it specifically for this purpose. You do not need to create a functional site. As long as you make a site, the site details do not matter.

Renewal Steps:

  • Create the CSR.

  • Submit it to DigiCert.

  • Receive certificate file.

  • Install your certificate to the server/website from which the CSR was generated.

  • On the original website, replace the current certificate with the new certificate.

For a much simpler way of renewing your SSL Certificate for IIS 5/6 without any downtime, you can use the DigiCert® Certificate Utility for Windows. See Renewing Microsoft IIS 5.x/6.x SSL Certificates.

Create a New Site and Generate a CSR.

  1. On the server with IIS 5/6 installed, right-click on My Computer, click Services and Applications and expand Internet Information Services.

  2. Right-click the Web Sites folder, then select New and choose Web Site. Then click next.

  3. Create a name for the website (e.g. Dummy Site), then choose Next.

  4. Leave the IP address as All Unassigned for your site and click Next.

  5. For Path, pick any folder that would serve content for this site (this won't matter since this website won't ever be live) and choose Next.

  6. On the next screen for website permissions leave everything as the default values and click Next then Finish.

  7. Right-click on the Dummy Site you created, and select Properties. Click the tab labeled Directory Security, click the Server Certificate button, and click next.

    IIS Server Certificate

  8. Choose Create a new certificate and click next.

  9. Choose to Prepare the request now, but send it later and hit next.

  10. Next, enter a name for this certificate to distinguish this certificate from all other certificates installed on your server. For Bit Length choose 2048. Leave the two boxes unchecked and click Next.

    IIS Renewal CSR Details

  11. Enter the following for each field: Organization: Your company/organization's full legal name. Organization Unit: Enter your department, or if you don't have one enter something such as 'Security' or 'IT'.

  12. For common name, enter the fully qualified domain name you are securing (e.g. www.yourdomain.com).

    IIS Renewal CSR Common Name

  13. Enter the location of your organization: Country, State, and City.
    If your country doesn't use states or provinces, enter your city for the State.

  14. Save your SSL Certificate Signing Request (CSR). The file should be saved as a text file (.txt)

  15. Click Next to generate the file and then, click Finish.

    IIS Renewal CSR Pending Request Summary

  16. Open this file in a text editor, like Notepad or WordPad, copy the entire contents of this file and copy it to your computer's clipboard.

  17. Login and click + to expand the certificate options for your order number then click the Renew link.

    DigiCert Certificate Manager

    This will guide you through the renewal process where you will be prompted to paste the CSR, and also update company information, contacts and choose a payment method. Next, login to your DigiCert account.

    Install the SSL Certificate in IIS then Remove the Dummy Site

  1. Open Internet Information Services (IIS) Right-click on the Dummy Site you created and choose Properties.

  2. Go to the Directory Security tab, click Server Certificate, and click Next.

  3. Choose Process the pending request and install the certificate and choose Next.

  4. Browse to your SSL Certificate (your_domain_com.cer) then click Next. Follow the rest of the wizard steps until finished.

    The SSL certificate should now be installed to your server.

  5. Now, right-click on the Dummy Site you created and then, click Delete.

  6. Now, right-click on your original website with the expiring certificate, and go to the Directory Security tab and click Server Certificate.

  7. Click the option to Replace the current certificate and choose the certificate that you just installed to the server.

IIS 5 & 6 SSL Certificates, Guides, & Tutorials

Buy Now Learn More

Troubleshooting:

  1. For SSL certificate errors please try Windows SSL Management Tool.

  2. If your web site is externally accessible, you can enter the name having problems into the SSL Cert Tester tool to help you diagnose common problems.

  3. For instructions about other various certificate tasks, please see the Common Certificate Tasks page.

SSL Certificates for Microsoft Internet Information Server 6

How to install your SSL Digital Certificate to Windows Server 2003.