How to create a CSR without removing your current certificate in IIS

The renewal request option within IIS 5.x or better does not create a request in a PKCS10 format. It throws an invalid country code in there (QC for Quebec) IIS 5.x or better does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following.

Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.

2. Create another Temporary site within IIS (this does not have to be a functional site, see Related Items).

3. Enter Properties for the newly created Temporary site, then go to the Server Certificate button ( Certificate Wizard) to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.

4. Install this certificate into your new Temporary site; follow the process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your Temporary web site.

5. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.

6. Make sure you bind the web site to a unique IP address at https Port 443, then Stop and then Start your web site. Your new certificate should be installed.

7. Now delete the new Temporary site!

8. When convenient, go into your MMC console (with Certificate snap-in for the local computer added) and delete the old certificate. (optional step you may leave this certificate on the server if you wish)

9. Export the certificate with the private key in PFX format through the MMC (Right Click on the certificate, select "All tasks" then select "export". Do make sure you export with the private key!)

Related Item:
Creating a New Web Site
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What does the Warranty actually mean?

We believe it is important to protect the end user. If we were to issue a certificate in error to...

Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

There are a few possible reasons for this:1) The certificate has a Common Name (CN) of...

The CSR cannot be decoded or is invalid

CSR is possibly missing one or more required fields.The CSR must contain a minimum of the...

I have accidentally deleted or lost my Private Key

First check your backups and see if you can re-install the "private key". If you don't know how...

I have changed my server, or moved to a different provider, how do I move the certificate?

If you are moving servers or providers, you will need to get the certificate and private key from...