This document provides instructions for renewing a SSL Certificate using IIS 5/6. If you are not able to follow this steps, Symantec recommends to contact Microsoft.
Method 1: No changes to certificate information for renewal certificate.
Attention IIS 5.0 users: Microsoft IIS 5.0 contains a bug where the Certificate Renewal Wizard concatenates the Organizational Units into one field. Typically, the resulting renewal CSR will contain an entry in the Organizational Unit field that exceeds the maximum character limit. Therefore, the Certificate Signing Request (CSR) is rendered invalid. This issue was resolved in Service Pack 4 and with a stand alone hot fix. If your server it not up to date, It is recommended to patch the server prior to generating the renewal CSR. For additional information, please see Microsoft Article 325827.
To generate a renewal Certificate Signing Request (CSR) for Microsoft Internet Services (IIS) 5 or 6, perform the following steps:
Important: Once the request has been generated and saved to the location you specified, do not start the IIS certificate wizard again until the renewal SSL certificate is delivered to you.
If the pending request has been tampered with, the certificate and private key will not match up. At this point, you'll have to start over from scratch with a new order.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server: AR233
Method 2: Changes to certificate information during renewal period: