Renew an RdWeb Certificate

This is the procedure for a paid certificate, i’ll create another procedure for a free certificate from ZeroSSL or LetsEncrypt.

The process starts on the server where you create a Certificate request. This is the safe method, where the private key never leaves your server. Your Certificate provider CAN create both the public and private keys and send them to you, BUT then an attacker could search through your email, find your private key and eaves-drop on all your conversations.

Logon to the console of the RdWeb server and start the IIS Manager

My RdWeb server is named THOR

Click Server Certificates, its under the IIS category

IF you want a NEW certificate, In the right hand “Actions” pane choose “Create Certificate Request”

This is going to ask you a bunch of questions

IF you have a certificate and you want to renew it, with the SAME information, right click the certificate and choose Renew..

This creates the certificate request but doesn’t ask all those questions, instead it uses the answers that were provided in the last certificate request.

this will create a Certificate Request File (.csr) that you need to send to your certificate provider.

When you get an answer back from your Certificate provider, you can see the option to “Complete the certificate request” in the right hand, Actions pane of the IIS manager.

This image has an empty alt attribute; its file name is image-8.png

Use the 3 dots here to browse to the certificate response (.cer or .crt) Friendly Name can be anything, but i recommend including info like the Provider Name, Certificate Expiry Date, Web Site Name. Think Ahead, you may only have a single site/provider/expiry today but if you have multiple in the future, how will you tell tell the certs apart? Certificate store isn’t important, it’s just for organization.

I have NEVER complained about having too much information but i regularly complain about having too little.

Before we start this next section, Right click the task bar at the bottom of the screen and choose Task Manager. click the users tab to verify that nobody else is using the server as our next change may disrupt them.

We now have 2 certificates and we need to tell IIS which one to use. In the left pane choose “Default Web Site”, and click “SSL Settings” in the middle pane. In the right pane, click on “Bindings..”

choose https and click edit

Click the down arrow under SSL certificate, to choose which cert to use. you can see I have an old cert from 2020 selected. It’s the current certificate so the OK button is greyed out. Select your new certificate and click OK.

Now to update RDS:

Import Certificate

Select the cert that expires later, and click Import.

Now if you refresh the Public RdWeb page it will report the new certificate.

Now reboot the server to get everything in sync.