Installing Manual Wildcard Cert renewal on IIS

ccarlin · 2018-12-01 20:01:41 UTC

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows 10

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I renewed my certificate manually (via a virtualbox linux instance) and now want to renew the installed certificate on my IIS Server (also used for email) how do I update the existing certificate? I have tried going thru IIS and install or renewing with the pfx file and it doesn’t seem to do anything.

JuergenAuer · 2018-12-01 20:24:51 UTC

Hi @ccarlin

what have you tried?

You must load the certificate in the Machine Certificate Store (under Webhosting). Not in the Personal Store.

If the certificate is in the correct store, it’s only one click to select the new certificate.

JuergenAuer · 2018-12-01 20:27:56 UTC

PS: This

https://transparencyreport.google.com/https/certificates/8syrczmarlprBmO5nDGne7v4nG3UU234HsV%2FPxUVd0I%3D

looks that you have created a wrong wildcard certificate.

You should have a certificate with two domain names:

*.ccarlin.com
ccarlin.com

Because *.ccarlin.com doesn’t work with ccarlin.com, but you should have a https binding with ccarlin.com.

ccarlin · 2018-12-02 18:21:36 UTC

Yeah I found that out (missing ccarlin.com) a little too late after creating the initial certificate. I have kind of worked around via some redirection on my website but it is a royal pain.

George026 · 2018-12-03 05:49:17 UTC

This post was flagged by the community and is temporarily hidden.

ccarlin · 2018-12-03 14:59:33 UTC

Turned out I copied the old pfx file that I created the first time I generated the certificate not the new one I just created with openssl (was pulling from the wrong directory). Which is why nothing was happening when I installed it since it was already installed. So user error.