Ask a Question

Advanced Search

Solution ID : SO22033

Last Modified : 05/31/2019

Managed PKI for SSL - How to install a renewal certificate on a temporary site and assign it to the production site in Microsoft IIS 5 or IIS 6 ?


This document provides instructions for installing renewal certificate into IIS 5.0 and 6.0. If you are unable to use these instructions for your server, DigiCert recommends that you contact Microsoft.
This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2: Installing the certificate downloaded from Managed PKI for SSL subscriber service page.

Method 1: Download and Install SSL certificate sent via e-mail

Step 1: Obtain the SSL certificate sent via email:

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email
    with the Certificate attached (cert.cer), as well as in the body of the email itself.
  2. Copy the SSL certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    header and footer. Ensure there are no white spaces, extra line breaks or additional characters.
  3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt 

    NOTE: If you selected Microsoft IIS  5.0 or above during enrollment, continue with the installation from here

  4. If you are not sure which server software was selected during the enrolment, proceed with Step 2 bellow.
Step 2: Download and Install the Intermediate CA Certificate:
         To download and install the Intermediate CA certificate follow the steps from this link: SO22016
Step 3: Install the SSL Certificate:
         To proceed with the installation steps for your SSL certificate click here

Method 2: Download and Install SSL certificate in PKCS#7 format

Step 1: Download the SSL Certificate from Managed PKI for SSL Subscriber Services Page:
         Download the certificate from Managed PKI for SSL subscriber services page by following the steps from this link: SO6621
         Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b


Step 2: Installing the Certificate to the Temporary Web Site

  1. Open Internet Services Manager, or the custom MMC containing the Internet Information Services snap-in.
  2. Expand Internet Information Services (if needed) and browse to the Web site you have a pending certificate request on.
  3. Right-click on the Temporary site that was used to generate the key and then click Properties.
  4. Select the Directory Security tab.
  5. Under the Secure Communications section, click Server Certificate.
  6. On the Web Site Certificate Wizard, click Next.
  7. Choose  Process the Pending Request and Install the Certificate. Click Next.
  8. Type in the location of the certificate response file (or browse to the file), and then click Next.
  9. Read the summary screen to be sure that the correct certificate is being processed, and then click Next.
  10. Click Finish to exit the Wizard.

Step 3: Applying the Certificate to the Production Web Site

  1. Right-click on the production site and select Properties.
  2. Select the Directory Security tab.
  3. Under the Secure Communications section, click Server Certificate.
  4. On the Web Site Certificate Wizard, click Next.
  5. Select Replace the current certificate and click Next.
  6. Select the certificate from the list that was installed on the temporary site and click Finish.
  7. Stop and Start the Web server prior to any testing.
  8. Verify your installation with the DigiCert Installation Checker

Microsoft's Resources

         For more information, refer to the following Microsoft Article