Knowledge Base
How to create a CSR without removing your current certificate in IIS
How to create a CSR in IIS 5.x/6.x without removing the current certificate
Currently the Renew option within IIS 5.x/6.x does not work as intended most of the time. Since IIS does not allow your site that is currently running SSL to generate a Certificate Signing Request (CSR) without removing the existing certificate. For most sites this is not a viable option since the SSL portion of your site would be down until the new certificate was put in place. In order to obtain a certificate for your existing web site you will have to do the following.
Note: You may want to print this page for your records.
(In IIS Admin)
- Create a Temporary site within IIS.
Note: If you're unsure of how to do this step please see the first item in the Related Items section below.
- Right-Click on the newly created site and click Properties.
- Click the Directory Security tab and then click Server Certificate button.
(Enter Server Certificate Wizard)
- Go through the wizard and enter the exact same information you have on your existing certificate.
Note: Common Name examples: yoursite.com, mail.yoursite.com, etc.
- Send us (Comodo) the CSR.
- Install the certificate by proccessing the pending request on the Temporary site created in step 1.
Note: If you're not familiar with installing SSL certificates on IIS, click here for instructions.
(On the production website)
- Right-Click on the Production site and click Properties.
- Click the Directory Security tab and then click Server Certificate button.
(Enter Server Certificate Wizard on production website)
- Select Replace the current certificate and click Next.
- Click Next until you are out of the wizard.
Note: A typical site is bound to https on port 443 with a unique IP Address.
- You may now delete the Temporary Site AFTER you have installed your certificate!