This is a process which we have to do every 2 years, so I thought I’d better create a post about it, so I don’t lose it.

• Create CSR (Certificate Signing Request) using local or server IIS – Other methods are avaliable ie: open SSL
  • Open IIS, click ‘Server Certificates’, click ‘Create Certificate Request…’
  • Upload that CSR to your chosen certificate provider and purchase certificate
• Once request is approved download the Certificate bundle
• Extract bundle
• Complete Certificate in IIS where you created the CSR
  • Open IIS, click ‘Server Certificates’, click ‘Complete Certificate Request…’
• Export Certificate as PFX
  • Open IIS, click ‘Server Certificates’, Right click certificate and Export
• Import the PFX to the requires servers
  • Run certlm.msc, Personnel, Certificates, Right click and Import, point at PFX
• Delete the old Expiring Certificate
  • Run certlm.msc, Personnel, Certificates, Find old certificate based on expiry date and delete.
• Change IIS site binding for 443 or required secure port to point at the new certificate
  • Open IIS, browse in tree to show site, click ‘Bindings’, find SSL port double click and change Certificate in ‘SSL certificate:’ drop down box.

Test new certificate is working

• Browse to site in Chrome, right click the Secure / Padlock area click ‘Certificate (Valid)’ check Valid From / To entries.