DOCUMENT:Q277893  28-JUN-2001  [iis]
TITLE   :How to Renew Certificates That Are Used with IIS 4.0
PRODUCT :Internet Information Server
PROD/VER::2.0,4.0
OPER/SYS:
KEYWORDS:MSGRAPH

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Certificate Services, version 2.0 
 - Microsoft Internet Information Server 4.0 
-------------------------------------------------------------------------------

SUMMARY
=======

Certificates that are installed on computers running Internet Information Server
(IIS) 4.0 are usually set to expire in one year from the issue date depending on
the Certificate Authority that issued them.

If you have a certificate that is about to expire, you have the option of
renewing it to make sure that it continues to be valid. This article describes
the steps in the renew process.

MORE INFORMATION
================

In IIS 4.0, certificates are set in Key Manager and bound to different IP
addresses and ports. To renew a certificate that is used with a certain Web
site, perform the following steps:

1. In Internet Service Manager, open Key Manager.

2. Click the key for which you want to renew the certificate.

3. On the drop-down menu, click Key, and then click Create Renewal Request.

4. If you have an online certificate authority (such as Microsoft Certificate
   Server 1.0 or 2.0), click Automatically send the request to an online
   Authority, and then follow the wizard to complete the renew process.

   If you do not have an online certificate authority, click Put the request in a
   file that you will send to an Authority.

5. Select the request file, and note the directory where you save it.

6. Click Next, fill in the information, and then click Finish to complete the
   wizard. When you get a message stating that the request has been generated,
   click OK. You now have a renewal request file.

NOTE: If you received your certificate from a third-party authority (for example,
Verisign), you need to send them the renew request file, and wait for them to
send the renew request. (You can then continue from step 14.)

If you are running Microsoft Certificate Server 1.0 or 2.0, and received the
original certificate from it, you can submit the renewal request by using the
Web interface.

7. Open the request file generated in the previous step, and then copy the
   following section:

   -----BEGIN NEW CERTIFICATE REQUEST----- until and including -----END NEW
   CERTIFICATE REQUEST-----

8. Open your Certificate Server Web interface (for example,
   http://CertificateServerName/certsrv).

9. Click Request a certificate, click Next, click Advanced Request, and then
   click Next. (In Certificate Server 1.0, click Certificate enrollment tools,
   click Process a certificate request, and go to step 11.)

10. Click Submit a certificate request using a base64 encoded PKCS#10..., and
   then click Next.

11. In the Saved request box, paste the text that you copied in step 7, and then
   click Next.

12. Click Download CA certificate, and then save the file on your hard drive.
   You now have the renewed certificate.

13. In Internet Service Manager, open Key Manager.

14. Select the key that you requested to renew, click Key on the menu, and then
   click Install Key certificate.

15. Select the new .cer file that has the reply to your renewal request, and
   then click OK.

16. Enter the password for the certificate, and then click OK.

17. Verify the server bindings. If the Web site is bound to Any Unassigned, this
   key should be bound to All Unassigned. If the Web site is bound to a
   specific IP address and port combination, this key should be bound to the
   same IP address and port combination. Click OK.

You have successfully renewed the certificate that is used with IIS 4.0.

Additional query words: iis 4

======================================================================
Keywords          : MSGRAPH 
Technology        : kbiisSearch kbiis400 kbCertServSearch kbZNotKeyword3 kbCertServ200
Version           : :2.0,4.0
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.