Reinstalling New SSL Certificate in IIS

12/03/2025 10:20 am EST
  1. Log into Web/Domain/Certificate Provider and download the newest certificate  pfx preferred or you can generate from the web machine you created the RSA token from
  2. Copy the certificate files onto the server where IIS is installed
  3. On the IIS Server, type Windows + R:

Run Type the name of a program, folder, document, or Internet resource, and Windows will open it for you. Open:

  1. Type in mmc and hit Enter
  2. Go to File -> Add/Remove Snap-in
  3. Select Certificates, then click Add>:

Add or Remove Snap-ins You can select snap-ins for this console from those available on your computer and configure the selected set ofsnap-ins. For extensible snap-ins, you can configure which extensions are enabled Available snap-ins: Snap-in ActiveX Control n Authorizaton Manager Certificates Services Computer Managem... De Manager Disk Management Event Viewer Fax Service Manager Group Policy Object . Internet Informabo... Internet Informabo... [P Securitv Monitor Description : Selected snap-ins: Console Roo t Microsoft Cor Microsoft Cor... Microsoft Cor... Microsoft Cor.. Microsoft Cor... Microsoft Cor.. Microsoft and Microsoft Cor... Microsoft Cor.. Microsoft Cor... Microsoft Cor... Microsoft Cor... Microsoft Cor... Microsoft Cor Edi t Extensions.. Remove Move up Move Donn The Certficates snap-in allows you to browse the contents of the certificate stores for yourself, a service, or a computer.

  1. Select Computer Account then click Next>.
  2. Select Local Computer then click Finish.
  3. Click OK and Right-click on Intermediate Certification Authority->All Tasks->Import

Console Root Certificates (Local Computer) Personal Trusted Root Certification Authoriti Object Type Certificate Revocation List Certificates Enterprise Trust Intermediate Certif- Certificate Rev Certificates Trusted Publishers Untrusted Certifi Third-Party Root C Trusted People Client Authenticati Remote Desktop Certificate Enrollm Smart Card Truste Trusted Devices Find Certificates... All Tasks View New Window from Here New Taskpad View... Refresh Export List... Help Find Certificates... Import...

  1. Click Next
  2. Next to File Name, click Browse and Navigate to the file path where you copied the downloaded certificate files
  3. Select the file with the .p7b extension and Click Next
  4. Make sure the radio button is checked for "Place all certificates in the following store" and that "Intermediate Certificate Authorities" is selected:

Certificate Import Wizard C«tifiGte Certficate stores are system areas where certficates are kept. Windows can automabcally select a certficate store, or you can specify a location for the certficate. O Automabcally select the certficate store based on the type of certficate @ Place all certficates n the following store Certficate store: Intermediate Certficabon Authorites

  1. Click Next and Click Finish.
  2. Right-click on Personal, go to All Tasks -> Import:

Console Root v Certificates (Local Computer) Object Type Certificates Personal Cert Trusted Enterpris Interme Cert Cert Trusted Untruste Third-Pa Trusted Client A Find Certificates... All Tasks New Window from Here New Taskpad View... Refresh Export List... Help Find Certificates... Request New Certificate... 1m portm Advanced Operations

  1. Click Next.
  2. Next to File Name, click Browse and Navigate to the file path where you copied the downloaded certificate files.
  3. Select the file with the .crt extension and Click Next.
  4. Make sure the radio button is enabled for "Place all certificates in the following store" and that "Personal" is selected:

Certificate Import Wizard C«tifiGte Cert ficate stores are system areas where cert ficates are kept. Windows can automabcally select a certficate store, or you can specify a location for the certificate. C) Automabcally select the certficate store based on the type of certficate @Place all certficates in the following store Cert ficate store: P sonal Cancel

  1. Click Next, click Finish.
  2. Under Personal, navigate down to Certificates, and in the middle pane, right-click on the new certificate and click Open:

Console Root v Certificates (Local Computer) Personal Ce Micat es Trusted Root Certification Authoritil Enterprise Trust Intermediate Certification Authoritil Certificate Revocation List Certificates Trusted Publishers Untrusted Certificates Third-Party Root Certification Auth' Issued To localhost Issued By All Tasks Copy Delete Properties Help Certificate Auth.. Expiration Date 1/29/2021 9/28/2073 Intended Purposes Server Authenticati... Server Authenticati... Friendly Name < Ncne> Bold Localhost Cert.. Status Certificate Te..

  1. Click on the Details and Copy the serial number.
  2. Open an elevated command prompt and Run the command certutil - repairstore my <Serial # > and press Enter.

Select Administrator: Command Prompt Microsoft Windows [Version 18.8.14393] (c) 2816 microsoft Corporation. All rights reserved . C: CO-Manitoucloud>certutil -repairstore 56392f4b68S6døa7

  1. You should get a result like this:

  1. Once completed, edit the binding to use the newly added Certificate.
  2. Export and apply password if needed for .pfx file.     If you have a requirement to use a jks key, you can convert the pfx key (optional)

[Optional] To convert the exported pfx to jks format, we need to use the java keytool command on the TSP Server.

  1. Locate keytool.exe. and then past the following command into an elevated command prompt with the proper paths
  2. "C:\Program Files (x86)\TSplus\Java\bin\keytool.exe" -importkeystore -srckeystore c:\Temp\cert.pfx -destkeystore c:\Temp\cert.jks
  4. Place new cert.jks file in C:\Program Files (x86)\TSplus\Clients\webserver replacing the old one
  5. To ensure propagation, restart the web server when convenient in TSPlus.

[This will kick everyone off the server for a few minutes]

Was this article helpful?
Thank you for your feedback!
User Icon

Thank you! Your comment has been submitted for approval.

Copyright © 2024-26 Bold Group All rights reserved.