How to renew a Web Server certificate in Windows Server 2008

renewssl-certificatewindows-server-2008

The SSL certificate for my web site just expired a few days ago, and I would like to renew it.

I originally issued it two years ago using my Windows 2008 Certificate Authority, and it's worked without a hitch in all that time, so I would like to renew the certificate as simply as possible to make sure that all the applications relying on that certificate continue to work.

I can open an MMC instance and add the Certificates snap-in for the Local Computer. I can find the relevant certificate under Personal, but I can't renew it.

When I select Renew certificate with new key I get the following message:

Web Server Status: Unavailable
The permissions on the certificate template do not allow the current user to enroll for this type of certificate.
You do not have permission to request this type of certificate.

However, I can't understand this, as I'm logged on as a Domain Admin and I'm running the MMC instance in elevated mode.

I've checked the Web Server certificate template, and Domain Admins have the Enroll permission on this template.

FWIW, I also tried rebooting the server.

How can I renew the certificate?

Best Answer

It is not possible to renew an expired certificate. You will have to issue a new certificate.

Reference: http://technet.microsoft.com/en-us/library/dd378790(WS.10).aspx

You cannot renew a certificate that has already expired. If you try to renew a certificate that has expired, the certification authority (CA) will reject the request, and you will see an error message similar to "Error Verifying Request Signature or Signing Certificate. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." This message will also be displayed in the Failed Requests node of the issuing CA. If your certificate has already expired, you must request a new certificate instead of renewing the existing certificate.

Related Topic