These are the steps I recently followed to renew a third-party (GoDaddy) SSL certificate on a 2012 R2 Essentials server. Although these steps have been documented many, many times over the years, it doesn’t hurt to review the process and make sure it works properly.
The overall process has three major parts to it:
- Generate SSL request on the server
- Request and rekey the certificate on GoDaddy’s site and download new certificate
- Install the intermediate cert and your domain SSL cert on the server
Part One – Server
- Open up the Essentials dashboard, click on Quick Status from the left column of the screen, then click Anywhere Access from the middle column, and finally click “Click to configure Anywhere Access” from the right column of the screen.
- In the next window (Settings – Anywhere Access) click on the Configure… button. Please note, there’s a red X in my screenshot. That’s because my SSL certificate is about to expire. However, DO NOT click on the “Repair…” button. Just click on the “Configure…” button.
- In the next window (Set up Anywhere Access) make sure that you UNcheck the option labeled “Skip Domain name setup. I have already set up my domain”
- In the next window, select “Import a new trusted SSL certificate”
- In the next window, first verify your domain name to be registered, which should already be correct as we are renewing an existing SSL certificate. Then click to enable the option “I want to purchase a trusted SSL certificate for this domain”
- The next screen is the important one. It should automatically display the certificate request that you will need. If you need to, open up Notepad and copy everything inside the box, starting with “-----BEGIN NEW CERTIFICATE REQUEST-----” all the way to the very end.
If you wish, leave this window open while you go to Part Two and request the new certificate from GoDaddy
Part Two – GoDaddy
- Open up a browser, go to GoDaddy’s web site, log in, go to your registered SSL certificate for your domain, and select to purchase/renew it. I’m not including screenshots of this process. GoDaddy will generate an email to verify you are the owner of this certificate.
- Once that is done and approved, you can proceed on the GoDaddy site to rekey your certificate. It will ask you to copy/paste in the certificate request info we just generated (the text that starts with “-----BEGIN NEW CERTIFICATE REQUEST-----”).
- After you paste and submit this information, GoDaddy will generate another email to you with the link to download the certificate and instructions for installing it.
- When you are at the screen to download your certificate, you must select what Server type you will be using this on. From the drop down, select IIS. Then download the generated zip file. If you are not doing this step from the server, then you will need to copy the zip file over to the server.
- Unzip the zip file on the server. You will have two files, one with a .p7b suffix and the other with a .crt suffix.
Part Three – Server
Before we go back to the Essentials dashboard that we left open, we first need to go to MMC and insert the new p7b intermediate file from GoDaddy.
- The steps to do this are provided by GoDaddy. In short:
- Run MMC, add the Certificates snap-in, select Computer Account, select Local Computer.
- Once Certificates is added, drill down to Certificates > Intermediate Certification Authorities, right click and select All Tasks > Import.
- Click to browse, change the file extension in the browse window to “all files”, then locate the .p7b file that came from the zip file, and load it. Once done, you can close MMC.
- Now we return to the Essentials dashboard that we left open. If it’s still sitting on the “Generate a certificate request” window, go ahead and click Next.
- On the next window (“A trusted SSL certificate is in progress…”), click on the first option: “I have the trusted SSL certificate…” and click Next.
- On the next screen (Import the trusted certificate), click to Browse, change the file extension again to “all files” then locate the file ending with .crt that you unzipped, and click Next.
- Wait while the new certificate is installed. You will get a green check window indicating that the domain is set up. You have one final step – to add this to Anywhere Access
- On the next screen, you can select to enable VPN access and/or Remote Web Access. I only select Remote Web Access, as I use my network firewall/router box for VPN connectivity.
- Go ahead and select what you need, and you will be all done. You will also see that the red X we saw earlier should now have disappeared, since the SSL certificate is now up to date.
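
To confirm the result from PowerShell rather than relying only on the dashboard, the following added example (not part of the original steps) checks that the renewed certificate is in the computer's Personal store with its private key, that its issuer is present under Intermediate Certification Authorities (the .p7b import from Part Three), and that the chain builds. The host name `remote.example.com` is a placeholder for your own Anywhere Access domain.

```powershell
# Added example, run in an elevated PowerShell prompt on the Essentials server.
# $Domain is a placeholder: replace it with your Anywhere Access host name.
$Domain = 'remote.example.com'

# Newest certificate in the computer's Personal store issued for the domain.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$Domain*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with CN=$Domain found in Cert:\LocalMachine\My"
}

# The .p7b import should have placed the issuing CA in the
# Intermediate Certification Authorities store (Cert:\LocalMachine\CA).
$intermediate = Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -eq $cert.Issuer }

# Build the chain in machine context ($true), the same context IIS uses.
# Revocation checking is left at its default (online), so a server without
# internet access can report a revocation-related status here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject           = $cert.Subject
    Thumbprint        = $cert.Thumbprint
    NotAfter          = $cert.NotAfter
    DaysRemaining     = [int]($cert.NotAfter - (Get-Date)).TotalDays
    HasPrivateKey     = $cert.HasPrivateKey       # must be True for IIS to use it
    IssuerInCAStore   = [bool]$intermediate       # False means the .p7b import was missed
    ChainBuilds       = $chainOk
    ChainPath         = ($chain.ChainElements |
                            ForEach-Object { $_.Certificate.Subject }) -join '  <-  '
    ChainStatus       = ($chain.ChainStatus |
                            ForEach-Object { $_.Status }) -join ', '
} | Format-List
```

A healthy renewal shows a `NotAfter` date in the future, `HasPrivateKey`, `IssuerInCAStore` and `ChainBuilds` all `True`, and an empty `ChainStatus`.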