Previously in Internet Information Services (IIS) 6, you could easily renew an already installed certificate. Doing this renew option kept all the same details in the certificate and created a new CSR.
In IIS 10, Microsoft has not changed the behavior of this since IIS 7 and IIS 8.5. The renew option available to you in the SSL Certificates section of IIS issues a PKCS#7 formatted CSR that isn't recognized as valid by many CSR decoders and CA applications. As a result of this, when a certificate needs to be renewed within IIS 10, it must be done by creating a new certificate request rather than by renewing the existing certificate.
Below are the steps for creating a new CSR.
- First, you must open IIS (Internet Information Services) 10.
- Click on Start.
- Go to Windows Administrative Tools.
- Click on Internet Information Services (IIS) Manager from the list.
- In the Internet Information Services (IIS) Manager window, click on your server in the Connections pane on the left.
- In the middle pane, double-click on the Server Certificates Icon.
- In the Actions pane to the right, click on the Create Certificate Request... link.
- In the Request Certificate window, enter in the appropriate information into each field. Use the guide below to help you.
Common Name: This will be the Common Name on the certificate. The Common Name is the Host + Domain Name. It looks like “secure.example.com” or “example.com”.
Organization: The legal name of your organization.
Organizational Unit: This field is the name of the department or other group making the request.
City/Locality: The locality field is the city or town name, for example: Hamilton or Stamford.
State/Province: Spell out the state completely; do not abbreviate the parish, state or province name, for example: Pembroke of Connecticut.
Country/region: Use the two-letter code of your country without punctuation, for example: BM or UK or CH.
- Once you have finished entering in the required information, click on the Next button.
- Leave the Cryptographic server provider: as default (Microsoft RSA SChannel Cryptographic Provider).
- Select a Bit length of 2048 bit or higher. Click on the Next button.
- At the File Name screen, click on the ... button and specify a location to save the CSR. After saving the CSR, click on the Finish button.
- Browse to the location where you saved your CSR, open it and submit it to the QuoVadis Trust/Link Portal.