How to create a CSR without removing your current certificate in IIS5


The renewal request option within IIS 5.x or better does not create a request in a PKCS10 format. It throws an invalid country code in there (QC for Quebec) IIS 5.x or better does not allow your site that is currently running SSL to generate a certificate signing request (CSR) without removing the existing certificate. For most sites this is not an option since your site will not be able to run a SSL session while your certificate is being processed. To obtain a certificate for your existing web site you will have to do the following.

Please read and print these instructions before submitting your new certificate request.

1. Leave your existing site that currently has the certificate installed alone.

2. Create another Temporary site within IIS (this does not have to be a functional site, see Related Items).

3. Enter Properties for the newly created Temporary site, then go to the Server Certificate button ( Certificate Wizard) to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace.

4. Install this certificate into your new Temporary site; follow the process the pending request by selecting the certificate file we sent you. Complete the installation of your new certificate into your Temporary web site.

5. Go to your Production web site, enter Properties, and select Replace the current certificate - choose the new certificate from the list.

6. Make sure you bind the web site to a unique IP address at https Port 443, then Stop and then Start your web site. Your new certificate should be installed.

7. Now delete the new Temporary site!

8. When convenient, go into your MMC console (with Certificate snap-in for the local computer added) and delete the old certificate. (optional step you may leave this certificate on the server if you wish)

9. Export the certificate with the private key in PFX format through the MMC (Right Click on the certificate, select "All tasks" then select "export". Do make sure you export with the private key!)