How do I generate a new CSR without losing the current SSL cert in IIS?

In the last year, my organization has changed the way we get certificates from Verisign.  I can no longer renew my existing certificates, instead I must replace them.  (Our organization's name changed slightly.)

I have a web site in which the SSL cannot go off line for an extended period of time.  (It often takes my PKI admin a day or two to process a cert request.)  

How can I generate a new CSR for this web site and process it without taking the current SSL certificate offline?

This is a Windows 2003 server running IIS 6.
mdrappAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shreedhar EtteCommented:
Hi,

Refer this article:
http://www.geocerts.com/csr/iis_6

Hope this helps,
Shree
0
mdrappAuthor Commented:
That article is great if I don't have a certificate already in place.  What I need to do is create a new CSR for a new certificate while keeping the currently installed certificate working and then replace it later.
0
Shreedhar EtteCommented:
That's correct.
0
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Springy555Commented:
You can generate a CSR while keeping an existing certificate in place.

If you go to the 'Directory Security' tab for your website, clikc the Server Certificate button.  Select to renew the current certificate, and then choose to preperate the request now, but send it later.

You will then be prompted for a location to save the CSR txt file to.

This won't affect the current certificate, and the CSR will contain the exact same details as your previous certificate (eg domain name, organisation name etc).  You can then send this CSR to any other cert authority who will give you a new cert.
0
mdrappAuthor Commented:
That's the problem, I need the "renewal" request to contain different information.  Everything is the same except my organization name has changed.
0
ParanormasticCryptographic EngineerCommented:
Create a dummy site and create the request from there with the production name.  Install it there and then export including private key to .pfx file.  When you are ready to install to prod then import that .pfx file into prod site.  Note that you will need to reboot afterwards.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Springy555Commented:
In IIS5, you can change details such as common name by clicking the back button once it prompts you for a location to save the CSR.

With IIS6 this doesn't happen.  Create a temporary website (doesn't matter about website name, ip address or host headers) and generate a CSR request from here using the correct details.

When you are sent the cert, you can then install it on the server and replace the previous cert associated with the website with this new one.  There won't be any downtime, and you won't need to reboot the server.
0
mdrappAuthor Commented:
That was the answer:  using a temporary web site to do the new CSR and export the new cert!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.