GlobalSign Support Centre: Renew with Internet Information Services (IIS)

Global Support Centre > SSL Certificates > Renew SSL > IIS (5 & 6)

  • Please note this guide is not for people using IIS Version 7
  • To renew in IIS7 create a new CSR, complete the pending request and then go to your "Default Web Site" right click on "EDIT Bindings", click ADD and then select the new certificate from the drop down box.
  • For more information to renew and replace in IIS7 please refer to our IIS7 CSR creation instructions

    • Overview: this is a work-around that will allow you to renew your expiring SSL certificate on IIS machine without losing any uptime on your secure site. We are going to first create a "dummy" site in IIS, request a certificate for the dummy site, install a new certificate on the dummy site, and then replace the expiring certificate on your real site with the new certificate on the dummy site. Relax, it's easier than you think.

    1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
    2. You will first need to create a dummy site (a temporary site) in IIS. Right-click on the main server node (local computer) and select New > Web Site. You can call it tempsite. You'll be deleting this site later so you don't need to worry too much with the details of setting it up.
    3. Once you have the temporary site setup you will need to generate a Certificate Signing Request (CSR) for the dummy site. The Common Name (e.g., www.mysite.com) in the new CSR must be the same as your real site. For example, if the certificate you're trying to renew is for 'secure.mydomain.com' then the Common Name in the CSR for the dummy site will also need to be 'secure.mydomain.com'. To generate the CSR follow these instructions
    4. Once you have a CSR for the dummy site you can place a renewal order using that CSR.
    5. GlobalSign will issue your SSL certificate and return it to you by email. Copy the certificate into a text editor such as Notepad and save as yourdomain.cer on your desktop.
    6. Return to the Directory Security tab of your dummy site (not your real site) and click Server Certificate and select Process the pending request and install the certificate. Click Next.
    7. Locate the yourdomain.cer file when prompted to locate your web server certificate. Click Next.
    8. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
    9. Click Next and then Finish on the confirmation screen. The SSL certificate has now been installed on the dummy site and now we have to transfer it to the real site.
    10. Right-click your real web site and then click Properties.
    11. On the Directory Security, under Secure communications, click Server Certificate.
    12. Click Next in the Welcome to the Web Server Certificate Wizard window.
    13. Select Replace the current certificate, Click Next.

      14. Replace current certificate in IIS

    14. You will be asked to select your SSL certificate from a list of installed certificates. Ensure you select the new certificate from the list.
    15. Review the summary screen and ensure that you are processing the correct certificate (check the expiration date). Click Next.
    16. Click Next and then Finish on the confirmation screen. Your old SSL certificate has now been replaced with the new certificate from the dummy site.
    17. You may safely delete the entire dummy site.