Improve company productivity with a Business Account.Sign Up

x
?
Solved

Correcting CSR mistakes

Posted on 2011-09-30
3
Medium Priority
?
2,805 Views
Last Modified: 2012-05-12
Hello all,

Windows 2008 Server, IIS 7
I have an SSL certificate coming up for renewal.  I generated a renewal request in IIS 7, but VeriSign will not accept the CSR, saying it is an invalid format.  Can I use Create Certificate Request with the same parameters as last year?  If I generate a new CSR, how does IIS know which request I am attempting to complete when I install the certificate (since it will have 2 pending requests)?  Can I just delete the "bad" request using the Certificates MMC snap-in?
0
Comment
Question by:dactechs
3 Comments
 
LVL 10

Assisted Solution

by:ThorinO
ThorinO earned 300 total points
ID: 36894367
Ya you can delete the bad request and request a new one. http://www.geocerts.com/csr/iis_renew_7
0
 
LVL 3

Author Comment

by:dactechs
ID: 36894573
Thanks for the reply ThorinO. I didn't state my problem very clearly.  The IIS 7 Renew apparently does not work if your CA is VeriSign. The generated CSR will be refused. Regardless, I now have 2 pending requests on my server, both of which I would like the server to completely forget about. I would like to know the steps to perform this task. Then, I do not know if simply creating a new CSR with the matching CN, OU, etc.will work for an expiring Certificate. I am hoping that it will, but I don't want to go there until I can start with a clean slate.
0
 
LVL 8

Accepted Solution

by:
Shmoid earned 1700 total points
ID: 36894703
To delete the pending requests launch the certificates snap-in (computer store) goto the "Certificate Enrollment Requests\Certificates" folder. Delete the two items you created and delete the .csr files from where ever you saved them.

Also, you should be able to renew with IIS7 and VeriSign. I've done it dozens of times. Could it be that one of the fields in your requrest does not exactly match what your accout specifies? You mentioned invalid format. Are you choosing Microsoft for Server Platform on the VeriSign page where you paste the CSR?

As you mention, you could just create a new CSR rather than use renew. It will work as long as every field matches exactly. No need to worry about the old cert. Just install the new one. Bind it in IIS (and any other web apps that might use the cert if applicable) and then delete the old one. You can even leave the old one in place.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

602 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question