Originally asked at https://stackoverflow.com/questions/1462009/renew-a-ssl-cert-on-iis6
My manager ordered a new wildcard cert for our website as our current one is expiring in a few days. Now, I am stuck as I cannot figure out how to install it. It is a cert from GoDaddy.com. I have downloaded it to my server. Upon unzipping it I have a P7B file (intermediate cert) and a CRT file.
I open IIS6, click Properties on the website I want to update (it already has the old SSL Cert on it), click on the Directory Security tab, then the Server Certificate... button.
Now, I am presented with the following options:
* Renew the current certificate - was done manually through GoDaddy and no pending renewal was ever issued.
* Remove the current certificate - does not sound right for us.
* Replace the current certificate - possible...
* Export the current certificate to a .pfx file
* Copy or move the current certificate to a remote server site
Now, when I choose the REPLACE option it presents me with a dialog of already installed certs!!! My new one is not in there.
What the heck do I do? Google/Bing is being of no help to me right now.
NOTE: I have since been on the phone with GoDaddy support. Working on a test server, the only way we could figure this out was to remove the old cert, then generate a request, rekey the cert on GoDaddy, download and install via IIS6. Is there not a way to do this without dropping SSL on a production server?
This turns out to be a conflict between our current cert (1024 bit) and GoDaddy's new policies for certs (>= 2048 bit). The CSR that was being generated by IIS6 during a renew wizard was wrong. We ended up having to delete the old cert, then request a new cert via the CSR process. All is installed now, but it created a new error for our end users. (See Peer's Certificate has been revoked).