Entrust Certificate Services Support Knowledge Base

Audience: Administrator
Last Modified: 2006-09-12 13:33:44.0

TN 5493 - How do I create a new CSR on the server or generate a renewal request while another certificate exists?

Applicable to:  MS IIS 5.0 on Windows 2000 and/or MS IIS 6.0 on Windows 2003 servers

This article describes how you can create a new certificate signing request (CSR) or generate a renewal request without having to remove the existing certificate from your Web site.

A situation arises where:

1. You need to change any of the distinguished name levels within the CSR such as your Organization name or Common Name.

2. You are renewing a certificate with Entrust that was originally issued by another 3rd party CA or was self-signed.

Note: If this is concerning a verification issue and you have already generated a "renewal" request from your IIS software, please remove the pending request and re-assign your existing certificate.

To create a new CSR on the server or generate a renewal request while another certificate exists on your Web site, follow these steps:

1. Launch Internet Information Services from Start / Programs / Administrative Tools
2. Right-click the default Web site, click "New", and then click "Site".
3. Create a new site and give it a temporary name.
4. Right-click on the new site, click "Properties", click the "Directory Security" tab, and then click "Server certificate" button.
5. Run the wizard and select "Create new certificate" and follow the wizard to create a new CSR (Certificate Signing Request).
6. When prompted, select "Prepare the request now but send it later".

Use the CSR that you just created to request a new certificate from Entrust Certificate Services.  http://www.entrust.net 

 

To Install your Entrust SSL Certificate

When you receive the certificate from Entrust, follow the copy and paste procedures as described in the notification pickup URL. Remember the serial number of this certificate and where you save it.

On the server:

1. Right-click the temporary site that where you created the CSR.
2. click Properties, click the "Directory Security" tab, click "Server certificate" button, and then click Next.
3. Follow the wizard. When prompted, select "Process the pending request".  Browse to your new Entrust .cer or .crt file and select this file.
4. Finish the wizard.
5. Right click on your production site and choose "Properties"
6. Click on "Directory Security" and then "Server Certificate" Button.
7. Run the wizard and choose "Replace current Certificate" or "Assign an existing certificate" which ever option is available.
8. Finish the wizard.
9. Stop and Start the production site by right clicking on the site in IIS and choose "Stop" then "Start"

Test SSL by using https:// protocol from your browser either on the server on a client.

You may delete the "Temporary Site" that you created to send your new CSR to Entrust.

NOTE: The list of available certificates is populated from the personal certificate store, which is located under Certificates (Local Computer) in the MMC. To view the personal certificate store, add the Certificates snap-in for the Computer Account to your MMC.

NOTE: If IIS does not display the new certificate, you may need to copy it from the personal certificate store that is located under Certificates - Current User in the MMC into the personal certificate store that is located under Certificates (Local Computer). To view the personal certificate store, add the Certificates snap-in for the User Account to your MMC. When working with server certificates always load the certificate snap-in for "Computer Account".

IMPORTANT NOTE:  Please perform a backup of your keypair as soon as possible.
Please follow our disaster recovery steps for your server type located at
http://www.entrust.net/ssl-technical/webserver.cfm

Affected Products:

• Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services Web Hoster Service Account Version Not Applicable English Platform Not Applicable