
IIS5 and intermediate certificates

April 25, 2011

Posted by jamesisaac in Uncategorized.

Notes on renewing an SSL certificate: we use Thawte for some of our SSL certs, and in the past year they have moved to using intermediate certificates (along with everyone else). When you renew the certificate in IIS5 on a Windows 2000 server, you can either get the PKCS #7 cert, which contains the intermediate certificates, or do like I did and get the X.509 cert because that’s what you used last year.

Once applied, you will find that SSL breaks because the certificate path can’t be verified. Oh noes. So quickly go back to IIS and replace your current certificate with the previous one (you do have a couple of days before it expires, right?)

Then go to the SSL provider’s website and download the intermediate certificates. In Thawte’s case, they are located here:


Download the SSL CA and the Primary Root CA. Create a new MMC for the Certificates snap-in (specifying the Local Computer as the target), and then import the certificates. They should import successfully.

After they are imported, you can go back to IIS and replace your old certificate with the new one you added earlier, and then confirm that the certification path validates from the root to the intermediate to your new cert.
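
The failure and the fix described above can be reproduced offline with OpenSSL; this is an added example, not part of the original post, and the CA and host names in it are invented. It shows that a server certificate issued by an intermediate does not verify against the root alone, does verify once the intermediate is supplied, and that a PKCS #7 bundle carries both certificates.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain, built with openssl.
# Every name here (Demo Root CA, Demo SSL CA, www.example.test) is invented.

# new_csr BASENAME CN: fresh RSA key plus certificate request
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# sign_cert BASENAME EXTFILE SERIAL SIGNING-OPTIONS...
sign_cert() {
    name=$1; ext=$2; serial=$3; shift 3
    openssl x509 -req -in "$name.csr" -out "$name.pem" -days 30 -sha256 \
        -extfile "$ext" -set_serial "$serial" "$@" 2>/dev/null
}

# build_chain DIR: runs in a subshell so the caller's working directory is untouched
build_chain() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext    # root and intermediate
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext          # server certificate
    new_csr root "Demo Root CA" && new_csr inter "Demo SSL CA" &&
    new_csr leaf "www.example.test" &&
    sign_cert root ca.ext 1 -signkey root.key &&
    sign_cert inter ca.ext 2 -CA root.pem -CAkey root.key &&
    sign_cert leaf leaf.ext 3 -CA inter.pem -CAkey inter.key
)

# Bare X.509 server cert, no intermediate available: path building stops at the leaf.
verify_leaf_only() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1; }

# Same cert once the intermediate (SSL CA) certificate is supplied.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# PKCS #7 bundle of server cert + intermediate; prints the number of certs inside.
p7b_cert_count() {
    openssl crl2pkcs7 -nocrl -certfile "$1/leaf.pem" -certfile "$1/inter.pem" -out "$1/chain.p7b" &&
    openssl pkcs7 -in "$1/chain.p7b" -print_certs | grep -c 'BEGIN CERTIFICATE'
}

demo=$(mktemp -d) && build_chain "$demo" || exit 1
verify_leaf_only "$demo" && echo "leaf only: OK" || echo "leaf only: path cannot be verified"
verify_with_intermediate "$demo" && echo "with intermediate: OK" || echo "with intermediate: FAILED"
echo "certs in PKCS #7 bundle: $(p7b_cert_count "$demo")"
rm -rf "$demo"
```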


