SBS Server 2011 – Renew Expired Web Server SSL Certificate

If you have found yourself with an expired or lapsed security certificated for your IIS or Exchange server web services, the below steps will guide you through a successfull renewal with no hassle on the client workstations.

First you will need to update your certificate templates in order to grant permission for the current logged in user on the server to allow renewal of the certificate.

Open MMC

Add/Remove snapin or Ctrl+M

Add Certificate Templates

Add Certificates, choosing Computer Account , Local Computer

Add Certificate Authority, Local Computer, Click Ok

Click Certificate Templates, scroll down to Web Server, Right click , Properties

Click Security, Add logged in user, assign Read/Write/Enroll. Do the Same for Authenticated Users

If your certificate has expired, then change the date back to the day before expiry

Still in the MMC, now choose Certificate Authority

We now need to renew the CA certificate for the date on the current PC – Right Click Server name, All Tasks

Renew CA Certificate, Yes

Now we can renew the Web Server certificate, in MMC click Certificates (Local Computer)

Click Personal, Certificates

Find the certificate to be renewed, Right click, All Tasks, Advanced Operations, Renew this certificate with the same key…

Click Next , Enroll

Repeat this for all certificates that have expired

New set the date back to the current date

Repeat the step to renew the CA Certificate, Choose Certificate Authority, Right Click Server name, All Tasks

Renew CA Certificate, Yes

Now we can renew the Web Server certificate again, to add the exact years from current date and not expired date – This step can be skipped

Finally, we need to assigned the renewed certificate, open SBS Console

Click Networking, Connectivity, Certificate

Add a trusted certificate from right options, next

Select I want to use a certificate already installed on the server

Select the certificate, Click Next

Click Finish