Import and SSL Certificates in IIS Manager Question

Question

Hello Everybody

I need to Import and SSL Certificates in IIS Manager. On IIS Manager there is already an SSL certificate that will expire next month. I need to import new SSL certificate before old SSL certificate expire.

Question

1. When I import new SSL certificate can I leave old SSL certificate, or must I delete?

Answer 1

Hi @Jacques Rossouw,

When I import new SSL certificate can I leave old SSL certificate, or must I delete?

IIS allows multiple SSL certificates to exist simultaneously, so you can keep the old certificate until it expires while you import and use the new certificate.

So in my opinion, you do not have to delete the old certificate. You can keep both the old and new certificates. The benefit of doing this is that you can ensure that the old certificate is still valid before the new certificate becomes effective in case any problems occur.

Best regards,

Xudong Peng

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

IIS Manager only provides built-in support if your server certificates are coming from AD Certificate Services,

https://learn.microsoft.com/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment

Therefore, if you use other ways to acquire server certificates, then you have to not only install the new certificates, but also manually edit Windows HTTP API mappings to associate with the new ones. More details about Windows HTTP API can be found in this article.