we were notified by GD that our wildcard SSL cert would be expiring and they helpfully have supplied a new one.. .I say new one I mean 3 files (a .crt, a .pem and a .p7b though I've no idea what the latter two are).
I can't believe it's quite as complicated as it appears to be... I thought I could just right click on the expiring cert, click renew... the select complete certificate request provide the .crt file that was provided by GD and that would be that... when I do that, nothing happens... it sits and thinks for a while then the screen disappears... I asked the man at GD if it would automatically kick over to the new cert when the old one expired but I wasn't confident he knew that would be the case....
Can anyone give me a definitive answer on how to renew an exist SSL cert in IIS ?
that's wrong. This action attempts to generate new request and submit request to Microsoft CA.
If you were given the certificate in
.crtformat, then you must install it to Local Machine\Personal (via certlm.msc) and then run the command in elevated command prompt:I can assume that new certificate contains same public key. If it is the case, the command above will re-associate new certificate with private key and then you can replace the certificate in IIS web site bindings.
The real reason behind the disappearing certificate from IIS Manager is documented in my blog post. Your situation is not different, as .crt you received contains only the certificate, so IIS Manager cannot locate the original private key. I don't use GD for certificates, so I don't know what they sent you in the .pem and .p7b files either.
What you should do is to contact GD for instructions on how to move on. You need to ask them which private key they targeted when generating the new certificate. If they said that they went against your old private key (which you used to request the old certificate), then you need to locate that (such as exporting it from your current machine). Then you can merge the private key with the new certificate as PFX and import into IIS Manager.
Hire a consultant if you can, as I doubt how many server administrators know every details of certificates.