How to generate a Certificate Signing Request (CSR) file in Microsoft IIS 5.0 or 6.0 without removing the existing certificate

 

To generate a new CSR without removing the current certificate, a temporary website must be created. This workaround will apply for IIS servers that currently have certificates installed, but a new CSR (with different information in the Distinguished Name) needs to be created. Creating a temporary website allows you to keep a current certificate active on the site while another certificate request is pending.

Step 1: Generate a Certificate Signing Request (CSR) file without removing the existing certificate

  1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager
  2. Right-click Web Sites
  3. Select New > Web Site
  4. The Web Site Creation Wizard will open. Enter Temporary as the web site name > click Next NOTE: In the Wizard simply bypass all settings by clicking Next. However, you will need to specify a path. The directory you select is completely arbitrary and will not affect the CSR generation.
  5. Click Finish NOTE: The temporary web site does not need to be started for this process.
  6. Right click the temporary site > select Properties > Directory Security > Server Certificate
  7. Select Create a New Certificate 
NOTE: When generating a request, the IIS 5 Wizard will pre-populate the Distinguished Name fields (Organization, Organizational Unit, etc.). Do Not accept these. Delete the pre-populated entry and enter the details again based on the existing certificate information contained in the Subject field.
  8. Click Finish

Step 2: Install SSL certificate

Once you receive the new certificate, save it in notepad with the extension .txt, then:

  1. Right-click the temporary site > select Properties > Directory Security > Server certificate
  2. Select Process the Pending Request
  3. Complete the wizard to install the certificate
  4. Right-click the production site > select Properties > Directory Security > Server certificate
  5. Select Replace the current certificate 
 NOTE: If there is no certificate installed on the website, select Assign an Existing Certificate
  6. Select the certificate that you have just installed > click Finish
  7. Stop and Start the website
 Posted by at 12:53