Follow the instructions of your certificate provider
Updating or installing a TLS certificate often depends on the format of the certificate and the certificate provider. For more exact instructions reach out to your certificate provider for details. For example, GoDaddy has specific instructions for installing their certificates on IIS.
Use a tool to generate your certificate
If you want to manage certificates yourself you may also utilize a 3rd party tool in order to generate and update certificates. We recommend Let's Encrypt and have used that in previous older cloud data centers before our migration to AWS. However, your IT team should vet any tools before using them on production services. Please consult the Let's Encrypt documentation on usage.
General certificate instructions using a PFX file
This page explains how to import a new TLS certificate into your server and replace the expiring certificate for your site. You must already have the PFX file handy from your certificate provider. It should be exported with all certificates in the chain and ideally have a password for security.
Install the new TLS certificate on web server
- Download the certificate to the server.
- Right-click the file and select Install PFX to open the Certificate Import Wizard.
- For Store Location, choose Local Machine. Click Next.
- For File name, input the file path of your TLS certificate. Click Next.
- Enter your password for the certificate. For Import options, check the boxes for the settings below, then click Next.
- Mark this key as exportable
- Include all extended properties
- Select Place all certificates in the following store and choose the Personal folder. Click Next.
- Click Finish.
Replace SSL certificate in IIS
- Open IIS.
- Expand the Sites folder. Click on your site.
- Open your site's bindings (right side).
- Edit your https binding.
- In the SSL certificate dropdown, select the new certificate that you imported earlier.
- Click OK and close the window.
Test it out
Go to your site and confirm in the browser that the new TLS certificate is showing with the correct Valid from date range.