November 2011
« Oct   Dec »

IIS: Renewing SSL certificate from .crt and private key file

One of the client migrated a domain to Windows server to Linux which was using a Godaddy UCC certificate.This certificate expired and i have renewed the SSL as most the other domains listed in it hosting on Linux server without using new CSR request. I have download the certificate suitable for IIS from Godaddy account. The download containing “gd_iis_intermediates.p7b” Godaddy intermediate certificate suit for IIS and a “domain.cert” file.

I read the Godaddy support documentation and did everything as it is described. Also getting same error “CertEnroll::CX509Enrollment::p_Install Response: ASN1 bad tag value met. 0x8009310b (ASN: 267)” So that I can’t install the certificate over the IIS MMC console. It’s still showing older expiry date.

See the pasted image here

Then I confirmed that it was not something related to IIS but with the certificate format which Godaddy had provided.After few hours of Googling, it’s found that we can create .pfx file by converting existing certificate provided by the Godaddy. Openssl have very good tool for doing that.

a. How convert a PEM certificate file and a private key to PKCS#12, Format of IIS .pfx
Download both Cert (mydomain.crt) file, CA bundle file (gd_iis_intermediates.p7b) and private key in a linux box. Then execute it from the terminal.

#openssl pkcs12 -export -out mydomain.pfx -inkey privateKey.key -in mydomain.crt -certfile gd_iis_intermediates.p7b

This will generate the a new file (mydomain.pfx) on the same location which could be understandable to IIS. Now you need it to copy to the IIS server and choose the import option

Choose the import certificate option

Browse the .pfx SSL renewal certificate

Bind the new certificate with respective website

1 comment to IIS: Renewing SSL certificate from .crt and private key file

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>