Solution ID : SO6425

Last Modified : 05/02/2018

Generate Certificate Signing Request (CSR) in Microsoft IIS 6 without removing the current certificate


To generate a new CSR without removing the current certificate, a temporary website can be created. This workaround applies to Microsoft IIS 6 servers that currently have a certificate installed on the production site and need a new CSR. Creating a temporary website allows the current certificate to remain active on the site while another certificate request is pending. After the certificate is installed on the temporary web site, it can be applied to the production web site. The temporary site will never be started; it is created only for the purpose of generating and completing a request.


Step 1: Create a temporary website:

  1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager
  2. Right-click Web Sites
  3. Select New > Web Site
  4. The Web Site Creation Wizard will open. Enter Temporary as the web site name, then click Next

     NOTE: In the Wizard, simply bypass all the settings by clicking Next. However, you will need to specify a path. The directory you select is completely arbitrary and will not affect the CSR generation. In this example, the C:\ drive is chosen as the Home Directory.

  5. Click Finish

     NOTE: The temporary web site does not need to be started for this process. If the web site is started, right-click the temporary site and select Stop


Step 2: Generate Certificate Signing Request without removing existing certificate 

  1. Right-click the temporary site > select Properties > Directory Security > Server Certificate
  2. Select Create a New Certificate > Next > Prepare the request now, but send it later > Next
  3. Provide the friendly name for this certificate. The friendly name is a label that will help you identify the certificate if multiple certificates are installed. For the bit length, specify 2048 (current standard) or 4096. Click Next.
  4. Complete the IIS Certificate Wizard to generate the new Certificate Signing Request.

     NOTE: The IIS Certificate Wizard will pre-populate the Distinguished Name fields (Organization, Organizational Unit, and the fields in each subsequent wizard window). DO NOT accept these. Delete the pre-populated entries and enter the details again based on the existing certificate information contained in the Subject field.

  5. Click Finish

     The newly created CSR can now be used during enrollment. Typically this will be submitted during a Renewal of a certificate.

     NOTE: The temporary web site and pending request option need to remain available until the certificate is returned, as it will need to be installed on the temporary web site.
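Before the CSR is submitted, its Subject and key size can be checked against the certificate currently on the production site. The script below is an added example, not part of the original article; it assumes OpenSSL is available on the machine running the check and that the current certificate has been exported without its private key as a Base-64 .cer file. All file names are placeholders, and the inputs built by `make_samples` are constructed test data.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article. Assumes OpenSSL is installed
# and the current certificate was exported (public part only) as Base-64 .cer.

# Print the subject of a CSR ("req") or certificate ("x509") in RFC 2253 form.
subject_of() {
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//'
}

# Print the public key size, in bits, of a CSR.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_csr CSR CURRENT_CERT [MIN_BITS]
# Returns 0 = subject matches and key is large enough, 1 = mismatch, 2 = unreadable.
check_csr() {
    local csr_subj cert_subj bits min_bits="${3:-2048}"
    csr_subj=$(subject_of req "$1")
    cert_subj=$(subject_of x509 "$2")
    bits=$(csr_bits "$1")
    if [ -z "$csr_subj" ] || [ -z "$cert_subj" ] || [ -z "$bits" ]; then
        echo "Cannot parse input files" >&2; return 2
    fi
    if [ "$csr_subj" != "$cert_subj" ]; then
        echo "Subject mismatch: CSR '$csr_subj' vs certificate '$cert_subj'" >&2
        return 1
    fi
    if [ "$bits" -lt "$min_bits" ]; then
        echo "Key too small: $bits bits (minimum $min_bits)" >&2; return 1
    fi
    echo "OK: $csr_subj, $bits-bit key"
}

# Build constructed sample inputs in directory $1 (throwaway keys, test names).
make_samples() {
    local s="/C=US/O=Example Corp/CN=www.example.test"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$s" \
        -keyout "$1/cur.key" -out "$1/current.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "$s" \
        -keyout "$1/new.key" -out "$1/good.csr" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/C=US/O=Temporary/CN=temp" \
        -keyout "$1/bad.key" -out "$1/prepopulated.csr" 2>/dev/null
}

# Usage: ./check_csr.sh certreq.txt current.cer [min_bits]
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

The comparison is an exact string match on the Subject, so a mismatch usually means a pre-populated wizard value was accepted and the request should be regenerated on the temporary site.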

Once the certificate is issued, follow the steps from this link to install it on the server.