Ask a Question

How do I renew a SSL certificate for Microsoft IIS 5.0 or IIS 6.0?

Solution


This document provides instructions for renewing a SSL Certificate using IIS 5/6. If you are not able to follow this steps, Symantec recommends to contact Microsoft.

Method 1:  No changes to certificate information for renewal certificate.

Attention IIS 5.0 users: Microsoft IIS 5.0 contains a bug where the Certificate Renewal Wizard concatenates the Organizational Units into one field. Typically, the resulting renewal CSR will contain an entry in the Organizational Unit field that exceeds the maximum character limit. Therefore, the Certificate Signing Request (CSR) is rendered invalid. This issue was resolved in Service Pack 4 and with a stand alone hot fix.  If your server it not up to date, It is recommended to patch the server prior to generating the renewal CSR. For additional information, please see Microsoft Article 325827.

To generate a renewal Certificate Signing Request (CSR) for Microsoft Internet Services (IIS) 5 or 6, perform the following steps:

  1. Click Start > All Programs > Administrative Tools > Internet Information Services Manager
  2. In IIS Manager, double-click the local computer > Web Sites folder
  3. Right-click the corresponding Web site to renew the SSL certificate on
  4. Click Properties > Directory Security > Server Certificate
  5. On the Welcome to the Web Server Certificate Wizard window, click Next
  6. Select Renew the current certificate
  7. Select Prepare the request now, but send it later
  8. Click Next
  9. Enter a path and file name to save the request file
  10. Verify the contents of the request
  11. Click Next
  12. Click Finish
  13. Proceed with the Renewal process by following the steps from this link: SO1654


Important: Once the request has been generated and saved to the location you specified, do not start the IIS certificate wizard again until the renewal SSL certificate is delivered to you. 
If the pending request has been tampered with, the certificate and private key will not match up.  At this point, you'll have to start over from scratch with a new order.

Once the certificate has been issued, follow the steps from this link to install the certificate on your server: AR233
 

Method 2:  Changes to certificate information during renewal period:

  1. If certificate information needs to be changed, this is considered a new certificate.
     
  2. To generate a new CSR file from Microsoft IIS 5/6 without removing the current certificate, refer to SO1552.