IIS 8 and IIS 8.5 SSL Certificate CSR Creation
For a simple way to renew your certificate for IIS 8, see Microsoft IIS 8 and IIS 8.5: SSL Certificate Renewal Using the DigiCert® Certificate Utility for Windows.
How to Generate an SSL Certificate Renewal CSR in Microsoft IIS 8 and IIS 8.5
Best practices are to generate a new certificate signing request (CSR) when renewing your SSL certificate.
-
Open Internet Information Services (IIS) Manager.
From the Start screen, type and click Internet Information Services (IIS) Manager.
-
In Internet Information Services (IIS) Manager, under Connections, click your server's Hostname.
-
In the center menu, in the IIS section, double-click the Server Certificates icon.
-
In the Actions menu, click Create Certificate Request to open the Request Certificate wizard.
-
On the Distinguished Name Properties page, enter the following information:
Common name Enter the name that will be used to access the certificate. This name is usually the fully-qualified domain name. For example, www.domain.com or mail.domain.com. Organization Enter the legally registered name of your organization/company. Organizational Unit Enter the name of your department within the organization. For example, you can enter IT or Web Security. You can also leave the text box blank. City/locality Enter the city in which your organization/company is located. State/province Enter the state/province in which your organization/company is located. Country/region Type or select your two-digit country code from the drop-down list. If necessary, you can find your two-digit country code in our SSL Certificate Country Codes list. -
Click Next.
-
On the Cryptographic Service Provider Properties page, enter the following information:
Cryptographic service provider In the drop-down list, select Microsoft RSA SChannel..., unless you have a specific cryptographic provider. Bit length In the drop-down list, select 2048. -
Click Next.
-
On the File Name page, click the … box to browse to a location where you want to save the CSR file, enter the filename, and then click Open.
If you only enter the filename without selecting a location, your CSR file is saved to the following location: C:\Windows\System32.
Make sure to note the filename and the location where you saved your CSR file. You need to open this file as a text file, copy the entire body of the text file (including the Begin New Certificate Request and End New Certificate Request tags), and paste it into the online order process when you are prompted.
-
Click Finish.
Renew Your SSL Certificate
Renew your SSL certificate from inside your DigiCert CertCentral account.
Are you new to the DigiCert team? You can "replace" your certificate with a DigiCert certificate. Order your new certificate here - Purchase Your DigiCert Certificate.
-
Log into your CertCentral account.
-
In CertCentral, in the left main menu, click Certificates > Expiring Certificates.
-
On the Expiring Certificates page, next to the certificate you want to renew, click Renew Now.
A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.
-
Follow the instructions provided inside your account to renew your SSL certificate.
-
Add your CSR
When renewing the certificate, you'll need to include a CSR. On the "Renewal" page, under Certificate Settings, upload the CSR file you saved to the server.
You can also use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in the Add Your CSR box.
-
After you place the order to renew your certificate, DigiCert verifies your information.
-
If we need any additional information, we will promptly contact you by phone or email. If no additional information is required, we will most likely issue your certificate within an hour.
Install your new SSL Certificate: Windows 2012 Server
-
Save your certificate file to the IIS server from which the CSR was generated.
-
Open Internet Information Services (IIS) Manager.
From the Start screen, type and then click Internet Information Services (IIS) Manager.
-
In Internet Information Services (IIS) Manager, under Connections, click your server's Hostname.
-
In the center menu, in the IIS section, double-click the Server Certificates icon.
-
In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate wizard and complete your request.
-
On the Specify Certificate Authority Response page, under File name containing the certification authority’s response, click the … box to browse to the .cer certificate file that DigiCert sent you, select the file, and then click Open.
-
Next, enter the following information:
Friendly name Enter a friendly name for the certificate. You will use this name to identify this certificate. We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-DigiCert-Nov2015. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name. Select a certificate store... In the drop-down list, select a certificate store. -
Click OK.
-
In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then select the site on which you want to enable SSL.
-
In the Actions menu, under Edit Site, click Bindings.
-
In the Site Bindings window, select binding for https, and then click Edit.
-
In the Edit Site Binding window, in the SSL certificate drop-down list, select your newly installed SSL Certificate by its friendly name, and then click OK.
-
Your new SSL Certificate should now be installed to your server.
Installation or Troubleshooting Help
For help with your SSL Certificate installation or troubleshooting, use our DigiCert® Certificate Utility for Windows.
Test Your Installation
If your web site is publicly accessible, our DigiCert® SSL Installation Diagnostics Tool can help you diagnose common problems.