Import Digicert CRT renewal file into IIS

We got this issue multiple times each and every year. Our clients are using various certificate providers, one of them is Digicert. Each year they are receiving certificate renewal with a bunch of CRT files in it.

The issue is that IIS is not importing CRT files just like that. But there is an easy way to renew the certificate using the CRT file.

Steps to perform

As the first step, you have to create the certificate renewal request. Since you already have your “old” certificate in IIS, you should go to the IIS Manager, click on your server name in the tree view on the left, and select Server Certificates icon from the area on the right.

Next, right-click on the certificate you want to renew and select “Renew” from the context menu.

The new window appears, in which you should select “Create a renewal certificate request”. On the next steps, you should provide the name of the certificate request file (it will not be used) and finish the creation of the renewal request.

As the last step, you should right-click on the “old” certificate again, select “Renew” from the context menu, and this time “Complete certificate renewal request”. On the next screen, select the CRT file you received – the one with your domain name. Please note that IIS is looking for CER files, but you can change it to show *.* (all files) instead. This way you can select your proper CRT file.

Once selected, click Finish and your new certificate will be imported. As the last step, you should review your IIS bindings and switch them to the new certificate.

To make sure that your certificate is imported properly, I suggest using Qualys SSL Server Test. It clearly shows if your imported certificate is valid and is working properly.