How to Renew an SSL Certificate in IIS (Windows Server Guide)
Step-by-step renewal without downtime
SSL certificates eventually expire, and if you're running an intranet on IIS, you'll need to renew and re-bind them periodically. This guide walks you through the process of generating a renewal request (CSR), submitting it to your certificate authority (CA), and updating your bindings to prevent any downtime.
What You'll Need
- Admin access to your intranet server (Windows Server + IIS)
- The expiring certificate installed on the server
- Access to your certificate authority (CA) account (e.g., DigiCert, GoDaddy, Sectigo)
Step-by-Step: Renew the Certificate
- Check certificate expiration
Open IIS Manager → click 'Server Certificates' and review the expiration date of your current certificate. Start renewal at least 30 days before it expires.
- Generate a renewal CSR
In 'Server Certificates', select the expiring certificate and click 'Renew' in the right-hand Actions pane. Save the generated CSR string to Notepad; you'll need it for your CA.
- Submit CSR to your CA
Log into your CA's portal and paste the CSR into the renewal form. Follow their instructions to complete payment (if applicable).
- Validate domain ownership
If your CA requires validation, follow their instructions (usually adding a DNS record or uploading a text file to the public domain).
- Download the renewed certificate
Once approved, download the renewed certificate file (.crt or .p7b). If provided as a ZIP, extract it before proceeding.
- Complete the certificate request in IIS
Back in IIS, click 'Complete Certificate Request...' in the right-hand Actions pane and select the new certificate file. Assign a friendly name for easy identification (e.g., 'Intranet SSL - Exp 08/2026').
- Update the HTTPS binding
In IIS, open 'Bindings' for your intranet site, select the existing HTTPS binding, and choose the renewed certificate from the dropdown. Click 'OK'.
- Test HTTPS
Browse to your intranet over HTTPS to confirm the new certificate is active. You can also run certutil -store my in PowerShell to verify.
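The following PowerShell script is an added example, not part of the original guide: it audits every IIS HTTPS binding against the certificate store, so you can confirm the renewed certificate is the one actually bound and catch a renewal that was installed but never re-bound. It assumes an elevated session on the IIS server with the WebAdministration module available; the same-subject match used to spot an unbound renewal is a heuristic.

```powershell
# Added example, not part of the original guide. Run elevated on the IIS server.
# Assumes the WebAdministration module that ships with the IIS management tools.
Import-Module WebAdministration

$WarnDays = 30            # renewal lead time recommended in this guide
$now      = Get-Date

$report = foreach ($site in Get-Website) {
    foreach ($binding in Get-WebBinding -Name $site.Name -Protocol https) {
        $thumb     = [string]$binding.certificateHash
        $storeName = [string]$binding.certificateStoreName
        if (-not $storeName) { $storeName = 'My' }

        # Every certificate in the store this binding points at.
        $certs = @(Get-ChildItem "Cert:\LocalMachine\$storeName" -ErrorAction SilentlyContinue)
        $bound = $certs | Where-Object { $thumb -and $_.Thumbprint -eq $thumb } | Select-Object -First 1

        # Heuristic: a certificate with the same subject, a private key and a
        # later expiry means a renewal was installed but the binding not updated.
        $newer = $certs | Where-Object {
            $bound -and $_.HasPrivateKey -and
            $_.Subject -eq $bound.Subject -and $_.NotAfter -gt $bound.NotAfter
        } | Sort-Object NotAfter -Descending | Select-Object -First 1

        $status = if (-not $thumb) {
            'NO CERTIFICATE HASH ON BINDING'
        } elseif (-not $bound) {
            'BOUND CERTIFICATE NOT IN STORE'
        } elseif ($newer) {
            "REBIND: renewed cert $($newer.Thumbprint) is installed but not bound"
        } elseif (-not $bound.HasPrivateKey) {
            'NO PRIVATE KEY'
        } elseif ($bound.NotAfter -lt $now) {
            'EXPIRED'
        } elseif ($bound.NotAfter -lt $now.AddDays($WarnDays)) {
            'RENEW NOW'
        } else { 'OK' }

        [pscustomobject]@{
            Site       = $site.Name
            Binding    = $binding.bindingInformation
            Thumbprint = $thumb
            Expires    = $bound.NotAfter
            Status     = $status
        }
    }
}
$report | Format-Table -AutoSize
```

Any row whose Status is not OK needs attention before the old certificate is removed from the server.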
Tips and Common Issues
- Start early. If the certificate expires, users will see browser warnings, and login credentials could be exposed.
- If you renew multiple certificates often, consider a central internal CA to automate issuance and avoid manual renewals.
- Keep the old certificate until you're sure the renewed one works - never delete it immediately.
Renewing SSL certificates isn't just about avoiding browser warnings - it's also critical for maintaining compliance and ensuring your intranet remains audit-ready for regulators. Banks and credit unions that let certificates lapse can face findings in their next exam.
Common Questions
Can I renew a certificate before it expires?
Yes. Most certificate authorities allow renewal up to 90 days before expiration so you have time to complete the process without downtime.
Do I need to generate a new CSR when renewing?
Yes, you'll typically generate a new Certificate Signing Request (CSR) during renewal for security. It uses a new key pair and updates all certificate details.
Will renewing the SSL certificate cause downtime?
No. As long as you complete the 'Complete Certificate Request' and re-bind the new certificate to HTTPS before the old one expires, users won't notice any interruption.
Can I automate SSL renewals?
If you run an internal certificate authority or use solutions like Let's Encrypt with ACME clients, you can automate renewals. Standard public CA renewals in IIS are manual.