Update SSL Certificate in IIS

Owned by Knowledge Assistant
Last updated: Jan 22, 2024 by Moriah Yorkey
2 min read
Description of Issue

The certificate bound to the website is invalid or expired and needs to be updated with a new certificate.

Context

  • Munis

  • IIS (Internet Information Services)

  • SSL

  • Certificate

  • Cert

Cause

The certificate is not valid and needs to be updated.

Resolution

  • .PFX format is the most straightforward way to apply a new certificate

    • If requesting assistance from TSM Support to update the certificate, it is the responsibility of the client to provide the certificate as a .PFX file and the associated password. 

  • The certificate needs to be imported to the personal certificate store before it can be bound to the sites in IIS

Import certificate to personal certificate store with IIS

  1. Open IIS (Internet Information Services)

  2. In the Connections panel, click the server name

  3. In the middle section, double click Server Certificates

  4. In the Actions panel on the right, click Import

  5. Click the ellipses and locate the .PFX certificate file and click Open

  6. Enter the certificate password

  7. Leave Select Certificate Store set to Personal

  8. Allow this certificate to be exported can be left checked off unless you would not like it to be exportable

  9. Click OK


After the certificate is imported to the personal store, bind certificate to web site(s) in IIS

  1. In the Connections panel, expand the server and Sites folder by clicking the arrows

  2. Right click Default Web Site > Edit Bindings

    1. OR, click Default Web Site, then in the Actions panel, click Bindings…

  3. Double click the binding with Type: https

    1. OR, select the binding with type https and click Edit

  4. From the SSL Certificate dropdown, select the new certificate

    1. You can click View to review certificate details to verify the correct certificate is selected

  5. Click OK, then click Close

  6. Repeat steps for each web site under Sites

Additional Information

To verify the certificate is applied, in the Actions panel on the right, under Browse Website, select Browse [site] on *.443 (https). The site will open in a browser window. Click the security icon in the browser (it looks like a small padlock) to view the certificate.

Alternate method: Import certificate to personal certificate store with MMC

  1. Open MMC (Start > Run > MMC)

  2. Click File > Add/Remove Snap In

  3. Select Certificates and click Add

  4. Select Computer Account > Next > Local computer > Finish

  5. Click OK

  6. Expand Certificates > Personal > Certificates

  7. Right click the Certificates folder and select All Tasks > Import…

  8. In the Certificate Import Wizard, click Next

  9. Click Browse

  10. In the Open window, change the file extension filter to Personal Information Exchange (*.pfx;*.p12)

  11. Locate the certificate file and click Open

  12. Click Next

  13. Enter certificate password

  14. If desired, check off Mark this key as exportable

  15. Click Next

  16. Select Place all certificates in the following store: Personal and hit Next > Finish

  17. Old certificates can be removed from the personal store by right clicking and selecting Delete

  18. Close the console and select No to Save console settings

  19. Bind certificate to web site(s) in IIS

Â