This is a process which we have to do every 2 years, so I thought I’d better create a post about it, so I don’t lose it.
- Create a CSR (Certificate Signing Request) using local or server IIS. Other methods are available, e.g. OpenSSL.
  - Open IIS, click ‘Server Certificates’, click ‘Create Certificate Request…’
- Upload that CSR to your chosen certificate provider and purchase the certificate
- Once the request is approved, download the certificate bundle
- Extract the bundle
- Complete the certificate in IIS on the machine where you created the CSR
  - Open IIS, click ‘Server Certificates’, click ‘Complete Certificate Request…’
- Export the certificate as a PFX
  - Open IIS, click ‘Server Certificates’, right-click the certificate and choose Export
- Import the PFX to the required servers
  - Run certlm.msc, Personal, Certificates, right-click and Import, point at the PFX
- Delete the old expiring certificate
  - Run certlm.msc, Personal, Certificates, find the old certificate based on its expiry date and delete it.
- Change the IIS site binding for 443 (or the required secure port) to point at the new certificate
  - Open IIS, browse in the tree to show the site, click ‘Bindings’, find the SSL port, double-click it and change the certificate in the ‘SSL certificate:’ drop-down box.
- Test that the new certificate is working
  - Browse to the site in Chrome, right-click the Secure / Padlock area, click ‘Certificate (Valid)’ and check the Valid From / To entries.
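
The import, binding and test steps above can also be scripted on each server. The PowerShell below is an added example, not part of the original post; the PFX path, site name and host name are placeholder assumptions, and it assumes the WebAdministration module is installed and the session is elevated.

```powershell
# Added example: scripted import, binding change and test for one server.
# $PfxPath, $SiteName and $HostName are placeholders, not values from the post.
Import-Module WebAdministration

$PfxPath  = 'C:\certs\example.pfx'   # placeholder: the PFX exported from IIS
$SiteName = 'Default Web Site'       # placeholder: IIS site to rebind
$HostName = 'www.example.com'        # placeholder: name clients browse to
$Port     = 443

# Import into Local Computer > Personal (Cert:\LocalMachine\My).
# The password is prompted for so it never lands in the script or history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$newCert = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPassword `
               -CertStoreLocation Cert:\LocalMachine\My |
           Where-Object HasPrivateKey | Select-Object -First 1

# Refuse to bind a certificate without a private key or outside its validity window.
if (-not $newCert) { throw 'PFX did not yield a certificate with a private key.' }
$now = Get-Date
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    throw "Certificate is not currently valid ($($newCert.NotBefore) to $($newCert.NotAfter))."
}

# Point the site's HTTPS binding at the new certificate.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
if (-not $binding) { throw "No https binding on port $Port for '$SiteName'." }
$binding.AddSslCertificate($newCert.Thumbprint, 'My')

# Test: complete a TLS handshake and confirm the served certificate is the new one.
$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($HostName)   # throws if chain or name validation fails
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        Subject    = $served.Subject
        ValidFrom  = $served.NotBefore
        ValidTo    = $served.NotAfter
        Thumbprint = $served.Thumbprint
        IsNewCert  = ($served.Thumbprint -eq $newCert.Thumbprint)
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

If `IsNewCert` is false when the site sits behind a load balancer, the handshake probably reached a different server; run the check against each server's own address. Delete the exported PFX from disk once every server has imported it, since it contains the private key.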