mdrapp
asked on
How do I generate a new CSR without losing the current SSL cert in IIS?
In the last year, my organization has changed the way we get certificates from Verisign. I can no longer renew my existing certificates, instead I must replace them. (Our organization's name changed slightly.)
I have a web site in which the SSL cannot go off line for an extended period of time. (It often takes my PKI admin a day or two to process a cert request.)
How can I generate a new CSR for this web site and process it without taking the current SSL certificate offline?
This is a Windows 2003 server running IIS 6.
I have a web site in which the SSL cannot go off line for an extended period of time. (It often takes my PKI admin a day or two to process a cert request.)
How can I generate a new CSR for this web site and process it without taking the current SSL certificate offline?
This is a Windows 2003 server running IIS 6.
ASKER
That article is great if I don't have a certificate already in place. What I need to do is create a new CSR for a new certificate while keeping the currently installed certificate working and then replace it later.
That's correct.
You can generate a CSR while keeping an existing certificate in place.
If you go to the 'Directory Security' tab for your website, clikc the Server Certificate button. Select to renew the current certificate, and then choose to preperate the request now, but send it later.
You will then be prompted for a location to save the CSR txt file to.
This won't affect the current certificate, and the CSR will contain the exact same details as your previous certificate (eg domain name, organisation name etc). You can then send this CSR to any other cert authority who will give you a new cert.
If you go to the 'Directory Security' tab for your website, clikc the Server Certificate button. Select to renew the current certificate, and then choose to preperate the request now, but send it later.
You will then be prompted for a location to save the CSR txt file to.
This won't affect the current certificate, and the CSR will contain the exact same details as your previous certificate (eg domain name, organisation name etc). You can then send this CSR to any other cert authority who will give you a new cert.
ASKER
That's the problem, I need the "renewal" request to contain different information. Everything is the same except my organization name has changed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was the answer: using a temporary web site to do the new CSR and export the new cert!
Refer this article:
http://www.geocerts.com/csr/iis_6
Hope this helps,
Shree