Microsoft KB Archive/277893

= How to Renew Certificates That Are Used with IIS 4.0 =

Article ID: 277893

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Certificate Services 2.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q277893



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
Certificates that are installed on computers running Internet Information Server (IIS) 4.0 are usually set to expire in one year from the issue date depending on the Certificate Authority that issued them.

If you have a certificate that is about to expire, you have the option of renewing it to make sure that it continues to be valid. This article describes the steps in the renew process.



MORE INFORMATION
In IIS 4.0, certificates are set in Key Manager and bound to different IP addresses and ports. To renew a certificate that is used with a certain Web site, perform the following steps:  In Internet Service Manager, open Key Manager. Click the key for which you want to renew the certificate. On the drop-down menu, click Key, and then click Create Renewal Request. If you have an online certificate authority (such as Microsoft Certificate Server 1.0 or 2.0), click Automatically send the request to an online Authority, and then follow the wizard to complete the renew process.

If you do not have an online certificate authority, click Put the request in a file that you will send to an Authority. Select the request file, and note the directory where you save it. Click Next, fill in the information, and then click Finish to complete the wizard. When you get a message stating that the request has been generated, click OK. You now have a renewal request file.NOTE: If you received your certificate from a third-party authority (for example, Verisign), you need to send them the renew request file, and wait for them to send the renew request. (You can then continue from step 14.)

If you are running Microsoft Certificate Server 1.0 or 2.0, and received the original certificate from it, you can submit the renewal request by using the Web interface.

</li> Open the request file generated in the previous step, and then copy the following section:

-BEGIN NEW CERTIFICATE REQUEST- until and including -END NEW CERTIFICATE REQUEST-

</li> Open your Certificate Server Web interface (for example, http://CertificateServerName/certsrv).</li> Click Request a certificate, click Next, click Advanced Request, and then click Next. (In Certificate Server 1.0, click Certificate enrollment tools, click Process a certificate request, and go to step 11.)</li> Click Submit a certificate request using a base64 encoded PKCS#10..., and then click Next.</li> In the Saved request box, paste the text that you copied in step 7, and then click Next.</li> Click Download CA certificate, and then save the file on your hard drive. You now have the renewed certificate.</li> In Internet Service Manager, open Key Manager.</li> Select the key that you requested to renew, click Key on the menu, and then click Install Key certificate.</li> Select the new .cer file that has the reply to your renewal request, and then click OK.</li> Enter the password for the certificate, and then click OK.</li> Verify the server bindings. If the Web site is bound to Any Unassigned, this key should be bound to All Unassigned. If the Web site is bound to a specific IP address and port combination, this key should be bound to the same IP address and port combination. Click OK.</li></ol>

You have successfully renewed the certificate that is used with IIS 4.0.

Additional query words: iis 4

Keywords: kbinfo KB277893

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.