Renewing Certificates

Use

Acquire a new certificate before the former expires, otherwise the services cease to work.

When you use same information and CA, the services recognize the certificate without any configuration changes.

Procedure

  1. Generate certificate request using same information as was used in the previous certificate request.

  2. Acquire certificate from the same CA.

  3. Receive and install the certificate

  4. Verify the certificate with the Certificates MMC Snap-in tool. Expand the Certificates > Personal > Certificates. You should see the new certificate there as well as the old one.

  5. Delete the old certificate which will expire soon. If you don’t delete this, system will continue using the old certificate even past the expiration date – it does not automatically switch to the new one.

  6. Restart the Connection and Web Servers.

To test the new certificate, open the CDT, or other service that is using the certificate, correspondingly.

Checking CA Certificate Expiration

If you use a self-signed certificate, you must install the CA’s certificate on the client computer as well to trust the CA. These certificates (typically .p7b files) do not expire as often as actual certificates but it depends on the expiration date set when the CA was configured.

Check this on any client machine where you have the .p7b file installed:

  1. Open Internet Explorer, and choose Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities.

  2. Find the name of your CA and check the expiration date. If this is still in date, then the new self-signed certificate you added to the server will work with this old .p7b file.