Solved

Correcting CSR mistakes

Posted on 2011-09-30
3
2,382 Views
Last Modified: 2012-05-12
Hello all,

Windows 2008 Server, IIS 7
I have an SSL certificate coming up for renewal.  I generated a renewal request in IIS 7, but VeriSign will not accept the CSR, saying it is an invalid format.  Can I use Create Certificate Request with the same parameters as last year?  If I generate a new CSR, how does IIS know which request I am attempting to complete when I install the certificate (since it will have 2 pending requests)?  Can I just delete the "bad" request using the Certificates MMC snap-in?
0
Comment
Question by:dactechs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Assisted Solution

by:ThorinO
ThorinO earned 75 total points
ID: 36894367
Ya you can delete the bad request and request a new one. http://www.geocerts.com/csr/iis_renew_7
0
 
LVL 3

Author Comment

by:dactechs
ID: 36894573
Thanks for the reply ThorinO. I didn't state my problem very clearly.  The IIS 7 Renew apparently does not work if your CA is VeriSign. The generated CSR will be refused. Regardless, I now have 2 pending requests on my server, both of which I would like the server to completely forget about. I would like to know the steps to perform this task. Then, I do not know if simply creating a new CSR with the matching CN, OU, etc.will work for an expiring Certificate. I am hoping that it will, but I don't want to go there until I can start with a clean slate.
0
 
LVL 8

Accepted Solution

by:
Shmoid earned 425 total points
ID: 36894703
To delete the pending requests launch the certificates snap-in (computer store) goto the "Certificate Enrollment Requests\Certificates" folder. Delete the two items you created and delete the .csr files from where ever you saved them.

Also, you should be able to renew with IIS7 and VeriSign. I've done it dozens of times. Could it be that one of the fields in your requrest does not exactly match what your accout specifies? You mentioned invalid format. Are you choosing Microsoft for Server Platform on the VeriSign page where you paste the CSR?

As you mention, you could just create a new CSR rather than use renew. It will work as long as every field matches exactly. No need to worry about the old cert. Just install the new one. Bind it in IIS (and any other web apps that might use the cert if applicable) and then delete the old one. You can even leave the old one in place.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question