To generate a new CSR without removing the current certificate, a temporary website can be created. This workaround will apply for Microsoft IIS 6 servers that currently have a certificate installed on the production site, but a new CSR needs to be created. Creating a temporary website allows the current certificate to remain active on the site while another certificate request is pending. After installing the certificate on the temporary web site, it can be applied to the production web site. The temporary site will never be started, it is created only for the purpose of generating and completing a request.
Step 1: Create a temporary website:
- Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager
- Right-click Web Sites
- Select New > Web Site
- The Web Site Creation Wizard will open. Enter Temporary as the web site name. > click Next
NOTE: In the Wizard, simply bypass all the settings by clicking Next. However, you will need to specify a path. The directory you select is completely arbitrary and will not affect the CSR generation. In the below example, the C:\ drive is chosen as the Home Directory
- Click Finish
NOTE: The temporary web site does not need to be started for this process. If the web site is started, right click the temporary site and
Step 2: Generate Certificate Signing Request without removing existing certificate
- Right click the temporary site > select Properties > Directory Security > Server Certificate
- Select Create a New Certificate > Next > Prepare the request now, but sent it later > Next
- Provide the friendly name for this certificate. The friendly name is a label that will help you identify the certificate if multiple certificates are installed. For the bit length, specify 2048 (current standard) or 4096. Click Next.
- Complete the IIS Certificate Wizard to generate the new Certificate Signing Request.
NOTE: The IIS Certificate Wizard will pre-populate the Distinguished Name fields (Organization, Organizational Unit, and each subsequent wizard window.). DO NOT accept these.
Delete the pre-populated entry and enter the details again based on the existing certificate information contained in the Subject field.
- Click Finish
The newly created CSR can now be used during enrollment. Typically this will be submitted during a Renewal of a certificate.
NOTE: The temporary web site and pending request option need to remain available until the certificate is returned as it will need to be installed on the temporary web site.
Once the certificate is issued, follow the steps from this link to install it on the server.