Simplistic, works for me when adding a certificate for WSUS.
Create Certificate Request:
From the IIS server needing the new certificate, open IIS Manager:
- In the left window pane, select the server. - In the center window pane, select "Server Certificates". - In the right window pane, select "Create Domain Certificate Request". - Enter the information in the pop up window. - Cryptographic Service Provider: "Microsoft RSA SChannel Cryptographic Provider" - Bit Length: 2048
This should submit a request to the domain CA and automatically return a certificate. This will of course depend on how your CA is setup for approving similar requests.
Bind to the new certificate to the web site:
- In the left window pane, select the web site Possibly "Default Web Site", or maybe not. - In the right window pane, select "Bindings…". - In the "Site Bindings:" pop up, choose add or edit. I'm doing edit here. - Select "HTTPS" and click the "Edit" button. - Select the new certificate. - In the right window pane, restart the service.
The new certificate expiration date can be viewed in “Server Certificates” (see step one above) .