How to create a CSR without removing your current certificate in IIS

The renewal request option within IIS 5.0/6.0 does not create a request in a PKCS10 format. IIS 5.0/6.0 does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following.

Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.

2. Create another virtual site within IIS (this does not have to be a functional site, see Related Items).

3. Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.

4. Install this certificate into your new virtual site; follow the process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your virtual web site.

5. Now delete the new virtual site!

6. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.

7. Make sure you bind the web site to a unique IP address at https Port 443, then Stop and then Start your web site. Your new certificate should be installed.

8. When convenient, go into your MMC console (with Certificate snap-in added) and delete the old certificate.

Related Item:
Creating a New Web Site