How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
This article describes how you can create a new certificate signing request (CSR) or generate a renewal request without having to remove the existing certificate from your Web site.
To create a new CSR or generate a renewal request while another certificate exists on your Web site, follow these steps:
- In the Microsoft Management Console (MMC), right-click the default Web site, click New, and then click Site.
- Create a new site and give it a temporary name.
- Right-click the new site, click Properties, click the Directory Security tab, and then click Server certificate.
- Select Create new certificate and follow the wizard to create a new CSR. When prompted, select Prepare the request now but send it later.
- Use the CSR that you just created to request a new certificate from the certificate authority (CA) that issued the original certificate.
NOTE: If you are renewing a VeriSign certificate, see the following Web site: Renew SSL Certificates
If you are unable to renew the certificate by using this Web site, you can reach VeriSign's renewal department at the following e-mail address or telephone numbers:
Technical Support: (877) 438-8776
Sales: (650) 429-3347
- When you receive the certificate from VeriSign or another third-party CA, save it to your hard drive. Remember the serial number of this certificate and where you save it.
- Right-click the temporary site that you created in step 2, click Properties, click the Directory Security tab, click Server certificate, and then click Next. Follow the wizard. When prompted, select Process the pending request.
- After the certificate has been installed, click OK, and then stop and start the Web site.
- Right-click the temporary site that you created in step 2, click Properties, click Directory Security, and then click Server certificate.
- Select Remove the current certificate and follow the wizard. This removes the certificate from IIS, but the certificate remains in the certificate store.
- Right-click the Web site that has the original server certificate installed (that is, the certificate that you are renewing or replacing), click Properties, click Directory Security, click Server certificate, and then select Replace the current certificate.
- Select the certificate that you just installed. If you see duplicate certificate names, make sure that you select the certificate that matches the serial number that you noted in step 6.
NOTE: If IIS does not display the new certificate, you may need to copy it from the personal certificate store that is located under Certificates - Current User in the MMC into the personal certificate store that is located under Certificates (Local Computer). To view the personal certificate store, add the Certificates snap-in for the User Account to your MMC.
Article ID: 295281 - Last Review: 05/27/2014 02:34:00 - Revision: 6.0
Microsoft Internet Information Services 5.0
- kbinfo KB295281