It seems many Small Business Server 2008 existing third party SSL certificates are expiring and some people are confused about how to renew. Instructions on the internet often involve lengthy solutions involving the IIS management console. The forums show that these methods frequently result in failure to import the certificate or it is not properly bound to the default SBS Web Sites.
SBS makes this process very easy. Once again, use the wizards, use the wizards, use the wizards…
Note: This article addresses SBS 2008 and SBS 2011 Standard. If running SBS 2011 Essentials I recomend reviewing Robert Pearman’s Blog article; Renew your SSL Certificate : SBS 2011 Essentials
I should confirm this article addresses 3rd party SSL certificates, if you are using an SBS self-signed certificate, you simply need to run the “Fix My Network Wizard” to renew.
Open the Windows SBS console and browse to Network | Connectivity | highlight “Certificate” | in the right hand menu select “”Add a trusted certificate”
Choose “I want to renew my current trusted certificate with the same provider”
Allow the encrypted certificate request to be generated and click copy. You could go from here directly the the vendor from whom you are going to purchase and renew the certificate, but there are often delays with process so I recommend pasting to Notepad to retain the text file for a few minutes. Alternatively you can click the “save to file” button and accomplish the same thing.
If you think the provider will supply the certificate immediately you can leave this window open and wait, but most often you are best to put the process in “suspend mode” by selecting “My certificate provider needs more time to process the request”
….and complete the wizard.
Next, log onto your certificate provider’s webs site, purchase the certificate renewal, create the certificate by copying and pasting the saved contents of Notepad (the encrypted CSR text) when prompted, wait for your certificate approval (usually sent by e-mail), download the certificate, and save to a location of your choice on the server.
Now you can import the certificate. Once again open the Windows SBS console and browse to Network | Connectivity | highlight “Certificate” | in the right hand menu select “”Add a trusted certificate”. This time choose “I have a certificate from my certificate provider”.
Browse to the location where you saved the certificate.
….and complete the wizard.
You can confirm your certificate has been imported / updated by choosing “View certificate properties” from the same Windows SBS console window, and reviewing the expiry date.