Installing Manual Wildcard Cert renewal on IIS

ccarlin · December 1, 2018, 8:01pm

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows 10

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I renewed my certificate manually (via a virtualbox linux instance) and now want to renew the installed certificate on my IIS Server (also used for email) how do I update the existing certificate? I have tried going thru IIS and install or renewing with the pfx file and it doesn’t seem to do anything.

JuergenAuer · December 1, 2018, 8:24pm

Hi @ccarlin

what have you tried?

You must load the certificate in the Machine Certificate Store (under Webhosting). Not in the Personal Store.

If the certificate is in the correct store, it's only one click to select the new certificate.

JuergenAuer · December 1, 2018, 8:27pm

PS: This

https://transparencyreport.google.com/https/certificates/8syrczmarlprBmO5nDGne7v4nG3UU234HsV%2FPxUVd0I%3D

looks that you have created a wrong wildcard certificate.

You should have a certificate with two domain names:

*.ccarlin.com
ccarlin.com

Because *.ccarlin.com doesn’t work with ccarlin.com, but you should have a https binding with ccarlin.com.

ccarlin · December 2, 2018, 6:21pm

Yeah I found that out (missing ccarlin.com) a little too late after creating the initial certificate. I have kind of worked around via some redirection on my website but it is a royal pain.

ccarlin · December 3, 2018, 2:59pm

Turned out I copied the old pfx file that I created the first time I generated the certificate not the new one I just created with openssl (was pulling from the wrong directory). Which is why nothing was happening when I installed it since it was already installed. So user error.

system · January 2, 2019, 3:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.