DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Microsoft IIS 7 | Renew SSL Certificate

Solution ID : TL149
Last Modified : 04/22/2025

The platform on this page has been retired, and is no longer supported. Microsoft ended support for IIS 7 on January 14, 2020. It is recommended to upgrade.

Microsoft IIS7 | Renew SSL Certificate 

Easy IIS 7 SSL Certificate Renewal using DigiCert Utility

For a very simple way of renewing your certificate for IIS 7, please see the SSL Cert Renew Util for IIS 7 page. This guides you through creating a new CSR, installing the certificate, and more.


How to Generate an SSL Certificate Renewal CSR in Microsoft IIS 7

Best practices are to generate a new certificate signing request (CSR) when renewing your SSL certificate.

  1. Open the IIS Manager by going to Start > Administrative Tools > Internet Information Services (IIS) Manager.

  2. Under Connections, click your server's Hostname.

  3. In the center window pane, scroll down to and Double-Click the Server Certificates icon.

  4. On the right window pane, under Actions, click the link to Create Certificate Request....

  5. Enter the following information in the "Distinguished Name Properties" and click Next:

    Common Name - Typically, the domain (e.g., www.yourdomain.com) computers will connect to this server.
    Organization -    Your organization's or company's legally registered name (e.g., Your Company, LLC; Your Company, Inc.)
    Organizational unit - Your organization's department name (If unsure, enter 'IT').
    City/locality -     The city/municipality where your organization is located.
    State/province - The state where your organization is located.
    Country/region - Your country's abbreviated two-letter country code.

  6. Choose Microsoft RSA SChannel and 2048, and then click Next.

  7. Save your CSR file to a location. Then open this file in Wordpad, hit (Ctrl+A) and (Ctrl+V) to select all and copy the contents to the clipboard.


Renew Your SSL Certificate

Renew your SSL certificate from inside your DigiCert CertCentral account.

Are you new to the DigiCert team? You can "replace" your certificate with a DigiCert certificate. Order your new certificate here - Purchase Your DigiCert Certificate.

  1. Log in to your CertCentral account.

  2. In CertCentral, in the left main menu, click Certificates > Expiring Certificates.

  3. On the Expiring Certificates page, next to the certificate you want to renew, click Renew Now.

    A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.

  4. Follow the instructions provided inside your account to renew your SSL certificate.

  5. Add your CSR

    When renewing the certificate, you'll need to include a CSR. On the "Renewal" page, under Certificate Settings, upload the CSR file you saved to the server.

    You can also use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in the Add Your CSR box.

  6. After you place the order to renew your certificate, DigiCert verifies your information.

  7. If we need any additional information, we will promptly contact you by phone or email. If no additional information is required, we will most likely issue your certificate within an hour.


Installation Instructions to Renew your Windows 2008 Server SSL Certificate

  1. Save your certificate file to the IIS server from which the CSR request was generated.

  2. Open the IIS Manager and on the left side, click on your server's name, and in the center window pane, scroll down to Server Certificates and open it.

  3. Under the Actions pane, click to Complete Certificate Request.

  4. Click to browse the .CER certificate file DigiCert sent you, and give the certificate a Friendly Name to help you refer to in the future, and click Ok.

    Note: You may receive the following error messages when installing the certificates:
    "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." "ASN1 bad tag value met".


    If you created the CSR (AKA pending request) for the certificate you are installing, you can ignore this error, close the dialog bo,x and hit the "F5" key to update the list of available installed certificates.
    If you can see your certificate with the friendly name you just assigned, click to go to the next step.
    If your certificate isn't listed, please contact DigiCert support for assistance.

  5. Under the Connections window pane, expand your server's computer name, then click the Site that you want to enable SSL on.

  6. In the Actions menu, click Bindings... then select the binding for https and click 'Edit'.

  7. In the 'SSL certificate' drop-down menu, select your newly-installed SSL Certificate by its friendly name, and click Ok.



    Your new SSL Certificate should now be installed on your server. IIS 7 Host Headers.

For help with your cert installation or troubleshooting, try our new Windows SSL management tool.


Test Your Installation

If your website is publicly accessible, our SSL Cert Tester tool can help you diagnose common problems.