Generate Certificate Signing Request (CSR) in Microsoft IIS 5/6 without removing the current certificate

Problem

Generate CSR without removing the current certificate
Change CSR information without losing the current certificate
Generate CSR without overwriting the current certificate
Create renewal CSR with changes
Create renewal request
Create new CSR

Resolution Summary

To work around this problem without having to 'remove' the existing certificate from your web site, do the following:

a) Generate a temporary Website.

b) Generate the pending request and CSR on the Temporary website.

c) After receiving the certificate, install the certificate to the Temporary website.

d) On the actual website, replace the certificate with the newly installed certificate.

 

Resolution Detail

1. In IIS right click the Default Web Site and click on New > Web Site

2. Create a new site. You can give it a temporary name.

3. Right click on this new site and go to Properties > Directory Security > Server certificate

4. Select Create a new certificate and follow the wizard to create a new CSR. Please refer to the following solution: Generating a CSR for IIS6

5. Backup the Private Key file. Very important: if no backup is made and the Private Key is lost, the certificate issued will not work. The Private Key backup instructions can be found in the following solution - Backup a Private Key in IIS6.0

Although a new csr was generated, you are still required to go through the normal renewal process with that new csr.

6. When you receive the certificate back, right click on this temporary site and go to Properties > Directory > Security > Server certificate and follow the wizard to process the pending request.

7. Once the certificate has been installed, go to the correct website and right click Properties > Directory Security > Server certificate.

8. Select the option Replace the current certificate.

9. You will then be able to select the certificate that you have just installed

10. Once installed we strongly advise you to make a backup of your certificate with its corresponding private key. View Solution Backup a Private Key in IIS6.0

11. You can now delete the temporary site that you created previously.

Article ID: 137, Created On: 10/8/2012, Modified: 10/9/2012