How to create a CSR in IIS 5.x/6.x without removing the current certificate
Currently the Renew option within IIS 5.x/6.x does not work as intended most of the time. Since IIS does not allow your site that is currently running SSL to generate a Certificate Signing Request (CSR) without removing the existing certificate.
For most sites this is not a viable option since the SSL portion of your site would be down until the new certificate was put in place. In order to obtain a certificate for your existing web site you will have to do the following
Problem: My current SSL expired and the site is hosted at IIS 6 and need to replace a new one
Solution: To renew the SSL, we have to create a temporary site in IIS and generate new CSR in order to get new SSL for the current site
Step 1. Create Temporary site in IIS 6
1. Create a Temporary site within IIS.
2. Go through Welcome to the Web Site Creating Wizard. This wizard helps you create a new Web Site on this computer.
3. Web Site Description. Describe the web site to help administrators identify it.
I am calling it as Temp Site for Generating CSR
4. IP address and Port Settings. Specify an IP address, port settings, and host header for the new Web site.
In this case I am not worried about these information since it’s a temporary site for generating CSR
5. Web Site Home Directory. The home directory is the root of your web content subdirectories.
6. Web site access permissions. Set the access permissions for this web site.
This depend on the type of site your hosting.
7. Complete the Web Site creation Wizard.
Step 2: Create Web Server Certificate
1. Right click your temporary web site which you created and go to Properties
2. In properties, Click on Directory Security and Click Server Certificate
3. Welcome to the web server certificate wizard comes. This wizard helps you create and administer server certificates used in
secure web communications between your server and a client.
Status of your web server: Your web server doesn’t have a certificate installed and you don’t have any pending requests.
Certificate wizard will help you to create a new certificate for this web server or attach to an existing certificate.
4. Server Certificate. These are the methods of assigning a certificate to a web site
- Create a new certificate
- Assign an existing certificate
- Import a certificate from a key manager backup file
- Import a certificate from a .pfx file
- Copy or move a certificate from a remote server site to this site.
Select create a new certificate and click next
5. Delayed or immediate request. You can prepare a request to be send later, or you can send one immediately.
Do you want to prepare a certificate request to be send later, or do you want to send it immediately to an online certification authority?
In this case, I am going to prepare the request now , but send it later
6. Name and security Settings. Your new certificate must have a name and a specific bit length.
Type a name for the new certificate. The name should be easy for your to refer to and remember
7. Organization Information
8. Organization Information
Your certificate must include information about your organization that distinguishes it from other organization.
Select or type your organization’s name and your organizational unit. This is typically the legal name of your organization and the name of your division or department.
9. Your Site Common Name
This is very important. You need to enter the correct name of your site which you want generate CSR.
Type the common name for your site. If the server is on the internet, use a valid DNS name. If the server is on the intranet,
you may prefer to use the computer’s NetBIOS name.
If the common name changes, you will need to obtain a new certificate
10. Geographical Information: The certification authority requires the following geographical information.
11. Certificate Request file Name. You certificate request is saved as text file with the file name you specify.
12. Verify your request file summary and click next to generate CSR file for your web site
Step 3: Provide CSR to your SSL Provider
1. Login into your SSL Provider Web Site
2. Provide your CSR file which you generated
5. In this case, I am going to delete the existing certificate which I created and
generate new one with 2048 bit encryption. I added new CSR file and it worked
Once my SSL is ready, I will post a blog about how you can added back to your site with expired SSL certificate.