Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-08-16 14:13:01.0

Certificate Signing Request (CSR) Help: Steps to create a new CSR while another certificate is currently installed?

Article Number: 46297

User-added image
For Microsoft IIS

When renewing a certificate, IIS will generate a CSR identical to the original request. You may want to change this information in the following circumstances:
 

  • You are renewing a certificate and you need to change the distinguished name (DN) information in your CSR.
  • You are renewing a certificate and you need to change the key bit length of your CSR.
  • You are renewing a certificate with Entrust that was originally issued by another Certification Authority (CA).

Solution:

In order to make changes to your original request, you must create a temporary Web site in IIS and use it to generate the CSR. Follow the procedures below.

This process is in two parts:
1) Generate the Certificate Signing Request from a temporary web site
2) Install the new certificate

Part 1 of 2: Generate the Certificate Signing Request from a Temporary Web Site

  1. Launch the Internet Services Manager:
       Select Start /All Programs/ Administrative Tools/ Internet Information Services
     
  2. Right-click the Web Sites folder in the left preview pane. Select New, and then Web Site.


     
  • The Web Site Creation Wizard appears. Click Next.
     
  • Provide a description for the web site and click Next.


     

 

 

 

  • Enter a dummy IP Address (i.e. 1.1.1.1) for the web site. Keep the default TCP Port and Host Header settings. Click Next.
     
  • Supply a path for the Web site home directory and click Next.


     
  • Click Next to accept the default Web Site Access Permissions.


     
  • Click Finish to complete the Web Site Creation Wizard.


     
  • Your new Web site now appears in the IIS Manager window under Web Sites. Right-click the Web site and select Properties.

     

    1. Click the Directory Security tab, and click Server Certificate.


       
    • The Certificate Wizard appears. Click Next.
       
    • Select Create a new certificate and click Next.


       
    • Select Prepare the request now, but send it later and click Next.


       
    • Supply a friendly name for your certificate. Choose a bit-length of 2048 and click Next.


       
    • Supply the name of your company or organization in the field provided. If relevant, supply the name of your division or department in the Organizational Unit field provided. Click Next.


       
    • Supply the Common Name of your Web server in the field provided. This name must match the fully qualified domain name on the certificate being renewed. Click Next.


       
    • Supply a Country/Region,  State/province and City/locality. Click Next.


       
    • Supply a File name in which to save your Certificate Signing Request (CSR) and click Next.


       
    • Review the Request File Summary, then click Next to generate the file.


       

    Part 2  of 2: Install the new certificate

    After receiving the new certificate from Entrust, follow the steps below to install it on the Web server:

    • Click Finish to complete the Certificate Wizard.
    • Use the CSR you have generated (certreq.txt) to submit the renewal request to Entrust.
    1. Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your server.


     
    • Launch the Internet Services Manager:
      Select Start > All Programs > Administrative Tools > Internet Information Services.

       
    • Right-click the temporary Web site from the left preview pane and select Properties.


       
    • Click the Directory Security tab, and click Server Certificate.


       
    • The Certificate Wizard appears. Click Next.
       
    • Select Process the pending request and install the certificate and click Next.


       
    • Browse to the location of your Server Certificate file and click Next.


       
    • Specify SSL port 443 and click Next.


       
    • Review the Certificate Summary, then click Next to install the certificate.


       
    • Click Finish to complete the certificate installation on the temporary Web site.
       
    • In the left preview pane of the IIS Manager window, locate the Web site that has the original server certificate. Right-click this web site and select Properties.


       
    • Click the Directory Security tab, and select Server Certificate.


       
    • The Certificate Wizard appears. Click Next.
       
    • Select Replace the current certificate and click Next.


       
    • From the list of available certificates, select the certificate installed to the temporary Web site and click Next.


       
    • Review the Certificate Summary, then click Next to install the certificate.


       
    • Click Finish to complete the certificate installation.


       
    • You can now delete the temporary Web site because it is no longer needed. Removing the temporary site will not affect your new certificate.

    If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

    Hours of Operation: 
    Sunday 8:00 PM ET to Friday 8:00 PM ET 
    North America (toll free): 1-866-267-9297 
    Outside North America: 1-613-270-2680 (or see the list below) 
    NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
    Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

    CountryNumber
    Australia0011 - 800-3687-7863
    1-800-767-513
    Austria00 - 800-3687-7863
    Belgium00 - 800-3687-7863
    Denmark00 - 800-3687-7863
    Finland990 - 800-3687-7863 (Telecom Finland)
    00 - 800-3687-7863 (Finnet)
    France00 - 800-3687-7863
    Germany00 - 800-3687-7863
    Hong Kong001 - 800-3687-7863 (Voice)
    002 - 800-3687-7863 (Fax)
    Ireland00 - 800-3687-7863
    Israel014 - 800-3687-7863
    Italy00 - 800-3687-7863
    Japan001 - 800-3687-7863 (KDD)
    004 - 800-3687-7863 (ITJ)
    0061 - 800-3687-7863 (IDC)
    Korea001 - 800-3687-7863 (Korea Telecom)
    002 - 800-3687-7863 (Dacom)
    Malaysia00 - 800-3687-7863
    Netherlands00 - 800-3687-7863
    New Zealand00 - 800-3687-7863
    0800-4413101
    Norway00 - 800-3687-7863
    Singapore001 - 800-3687-7863
    Spain00 - 800-3687-7863
    Sweden00 - 800-3687-7863 (Telia)
    00 - 800-3687-7863 (Tele2)
    Switzerland00 - 800-3687-7863
    Taiwan00 - 800-3687-7863
    United Kingdom00 - 800-3687-7863
    0800 121 6078
    +44 (0) 118 953 3088

    TN7902

    Affected Products:

    • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable