Knowledgebase Security and Compliance How to install and renew SSL certificates

How to install and renew SSL certificates

SSL stands for Secure Sockets Layer. SSL certificates are digital certificates which provide a secure connection between the user’s browser and web server. They are useful for securing online transactions. They use Hyper Text Transport Protocol Secure (HTTPS) to create a secure channel over an insecure network.

There are four parts to install and renew your SSL certificates on a Windows server.

  1. Generating a Certificate Signing Request (CSR).
  2. Obtaining SSL certificate from a Certificate Authority (CA).
  3. Configuring your web server (IIS).
  4. Renew SSL certificate.

First, let’s generate a CSR.

1. On the start menu, search for ‘IIS Manager’ and open it.


2. In the Connections pane, click on server name and double click on Server Certificates icon in the middle pane.


3. In the Actions pane, click on Create Certificate Request.


4. Fill out the Distinguished Name Properties.

  • Common Name: The fully qualified domain name (FQDN) for the site (domain-name.com).
  • Organization: The legal name of your organization.
  • Organizational Unit: Your department (e.g., IT).
  • City/Locality: The city where your organization is located.
  • State/Province: The state/province where your organization is located.
  • Country/Region: The two-letter country code (e.g., US).

Now, click on Next.

5. Specify Cryptographic Service Provider Properties.

  • Choose Microsoft RSA SChannel Cryptographic Provider for the Cryptographic service provider.
  • Select 2048 for the Bit length.

Click on Next.   

6. Choose the location to save the file and click on Finish.

Next, we will obtain the SSL certificate. You can get an SSL certificate from Windows Server 2022. Convert your SSL certificate text file to .crt file.

The third part of the process is to install the SSL certificate.

  1. Search for IIS Manager in the start menu, and double click on the Server Certificates icon. In the right pane, select the Complete Certificate Request.

Note: Certbot on Windows can automate the renewal process of SSL certificates from Let’s encrypt.  

  • Download and install Certbot from the official Certbot website. 
  • Follow the instructions on the Certbot website for auto renewal on Windows. 
  1. Fill out the Specify certificate Authority Response.
  • Enter the path of .crt file.
  • Give it a friendly name, in order to quickly identify the certificate.
  • Select a certificate store for the new certificate, either personal or web hosting.

Click on OK.

The last step is renewing your SSL certificate.

  1. SSL certificates are valid for 1-2 years. Set yourself a reminder to renew them before they expire.
  2. Follow the steps in Step 1: Generate a CSR to create a new CSR for renewal.
  3. Submit a new CSR to your CA and get a renewed certificate.
  4. Follow steps in Step 3: Install the SSL certificate to install renewed certificate.

That’s it! You have made it through all four parts involved in installing and renewing your SSL certificates.

Related Topics

How to Enable Two-Factor Authentication (2FA) on Kamatera

How to Set Up Zabbix for Comprehensive Monitoring on Kamatera

How to Create a Firewall on a Windows Server

How to Deploy an OPNSense Firewall on Kamatera

How to install Vesta Control Panel on Ubuntu

Have additional questions? Search below: