"Enter Properties for the newly created virtual site, then go to the
Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace."
This part confuses me though as obviously it won't be identical, will this matter?
Could someone assist in the best method to achieve my goal?
I was thinking that it might be possible to just remove the current certificate from the IIS menu, then create a new request etc...
Yes that's right. You can generate the certificate request anywhere (even on a different machine) and then export the certificate (with private key) and replace the existing one on your original web site.
Regards,
Paul Lynch
MCSE
Marked as answer by Leo Tang - MSFT on Sep 02, 2009 10:43 AM
ethos84
2 Posts
Replace OLD SSL Cert, but with different FQDN
Aug 26, 2009 07:53 PM|LINK
Hi
Currently have a SSL cert setup on our IIS 6 server which is about to expire. Lets say for example it's "ssl1.domain.com".
I want to create a new cert, "ssl2.domain.com". I've found a guide here:
http://www.rapidssl.com/ssl-certificate-support/generate-csr/microsoft_IIS_5.htm
"Enter Properties for the newly created virtual site, then go to the Certificate Wizard to create a new certificate request. The information you enter on this certificate request should match exactly the information on your production certificate, since that is the existing certificate this new CSR will replace."
This part confuses me though as obviously it won't be identical, will this matter?
Could someone assist in the best method to achieve my goal?
I was thinking that it might be possible to just remove the current certificate from the IIS menu, then create a new request etc...
Many Thanks
lextm
4503 Posts
Re: Replace OLD SSL Cert, but with different FQDN
Aug 27, 2009 02:28 AM|LINK
I consider this is a certificate issue.
In IIS 6 you can generate a renew certificate request, and send that to your CA. Then the CA can provide you a new certificate to replace the old one.
I think your CA is the best resource to consult at this moment, for example GeoCerts publishes this nice article for its customers and us,
http://www.geocerts.com/csr/iis_renew_6
http://lextm.com
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
ethos84
2 Posts
Re: Replace OLD SSL Cert, but with different FQDN
Aug 27, 2009 05:52 AM|LINK
Thanks for the reply.
This seems fine if the FQDN was identical, but it's not. I need to create a brand new request with the modified FQDN...
I suppose I could create a 2nd website, process a new request with that and the new FQDN then REPLACE it on the original 1st default website?
Paul Lynch
1589 Posts
Re: Replace OLD SSL Cert, but with different FQDN
Aug 27, 2009 06:58 AM|LINK
Hi,
Yes that's right. You can generate the certificate request anywhere (even on a different machine) and then export the certificate (with private key) and replace the existing one on your original web site.
Regards,
MCSE