Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-09-07 15:42:07.0

What are the steps to create a new CSR while another certificate is currently installed?

Article Number: 46297

 

Problem:

The certificate renewal option within IIS does not allow the user to provide the key bit length or distinguished name (DN) information.

Cause:
 

When renewing a certificate, IIS will generate a CSR identical to the original request. You may want to change this information in the following circumstances:
 

  • You are renewing a certificate and you need to change the distinguished name (DN) information in your CSR.
  • You are renewing a certificate and you need to change the key bit length of your CSR.
  • You are renewing a certificate with Entrust that was originally issued by another Certification Authority (CA).

 

Solution:

In order to make changes to your original request, you must create a temporary Web site in IIS and use it to generate the CSR. Follow the procedures below.

 

Part 1 - Generate the Certificate Signing Request from a Temporary Web Site

  1. Launch the Internet Services Manager:
       Select Start > All Programs > Administrative Tools > Internet Information Services.
  2. Right-click the Web Sites folder in the left preview pane. Select New, and then Web Site.
  3. The Web Site Creation Wizard appears. Click Next.
  4. Provide a description for the web site and click Next.
  5. Enter a dummy IP Address (e.g. 1.1.1.1) for the web site. Keep the default TCP Port and Host Header settings. Click Next.
  6. Supply a path for the Web site home directory and click Next.
  7. Click Next to accept the default Web Site Access Permissions.
  8. Click Finish to complete the Web Site Creation Wizard.
  9. Your new Web site now appears in the IIS Manager window under Web Sites. Right-click the Web site and select Properties.
  10. Click the Directory Security tab, and click Server Certificate.
  11. The Certificate Wizard appears. Click Next.
  12. Select Create a new certificate and click Next.
  13. Select Prepare the request now, but send it later and click Next.
  14. Supply a friendly name for your certificate. Choose a bit-length of 2048 and click Next.
  15. Supply the name of your company or organization in the field provided. If relevant, supply the name of your division or department in the Organizational Unit field provided. Click Next.
  16. Supply the Common Name of your Web server in the field provided. This name must match the fully qualified domain name on the certificate being renewed. Click Next.
  17. Supply a Country/Region, State/province and City/locality. Click Next.
  18. Supply a File name in which to save your Certificate Signing Request (CSR) and click Next.
  19. Review the Request File Summary, then click Next to generate the file.
  20. Click Finish to complete the Certificate Wizard.
  21. Use the CSR you have generated (certreq.txt) to submit the renewal request to Entrust.

Part 2 - Install the new certificate

After receiving the new certificate from Entrust, follow the steps below to install it on the Web server:

       

  1. Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your server.
  2. Launch the Internet Services Manager:
       Select Start > All Programs > Administrative Tools > Internet Information Services.
  3. Right-click the temporary Web site from the left preview pane and select Properties.
  4. Click the Directory Security tab, and click Server Certificate.
  5. The Certificate Wizard appears. Click Next.
  6. Select Process the pending request and install the certificate and click Next.
  7. Browse to the location of your Server Certificate file and click Next.
  8. Specify SSL port 443 and click Next.
  9. Review the Certificate Summary, then click Next to install the certificate.
  10. Click Finish to complete the certificate installation on the temporary Web site.
  11. In the left preview pane of the IIS Manager window, locate the Web site that has the original server certificate. Right-click this web site and select Properties.
  12. Click the Directory Security tab, and select Server Certificate.
  13. The Certificate Wizard appears. Click Next.
  14. Select Replace the current certificate and click Next.
  15. From the list of available certificates, select the certificate installed to the temporary Web site and click Next.
  16. Review the Certificate Summary, then click Next to install the certificate.
  17. Click Finish to complete the certificate installation.
  18. You can now delete the temporary Web site because it is no longer needed. Removing the temporary site will not affect your new certificate.
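
The request file saved in Part 1 can be checked before it is submitted to Entrust, so that a wrong key bit length or Common Name is caught before the certificate is issued. The PowerShell function below is an added example, not part of the Entrust article; it assumes a machine with the X509Enrollment COM API (Windows Vista / Server 2008 or later), and the function name, file path and host name are placeholders.

```powershell
# Added example: inspect a PKCS#10 request before sending it to the CA.
# The request file contains no private key, so a copy can be checked on any
# workstation that has the X509Enrollment COM API.
function Test-CsrBeforeSubmit {          # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedCommonName,
        [int]$MinimumKeyBits = 2048      # bit length chosen in the wizard
    )

    $XCN_CRYPT_STRING_BASE64_ANY = 6     # base64 with or without BEGIN/END lines
    $text = [System.IO.File]::ReadAllText((Resolve-Path $Path).ProviderPath)

    $request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $request.InitializeDecode($text, $XCN_CRYPT_STRING_BASE64_ANY)

    $subject = $request.Subject.Name     # e.g. "CN=www.example.com, O=..., C=US"
    $keyBits = $request.PublicKey.Length # public key length in bits

    # Pull the CN out of the DN string; it may be the first or the last RDN.
    $commonName = $null
    if ($subject -match '(?:^|,\s*)CN=([^,]+)') { $commonName = $Matches[1].Trim() }

    $cnOk  = ($null -ne $commonName) -and ($commonName -ieq $ExpectedCommonName)
    $keyOk = $keyBits -ge $MinimumKeyBits

    # One result object so the outcome can be logged or tested in a script.
    New-Object PSObject -Property @{
        Subject           = $subject
        CommonName        = $commonName
        KeyBits           = $keyBits
        CommonNameMatches = $cnOk
        KeyLengthOk       = $keyOk
        ReadyToSubmit     = $cnOk -and $keyOk
    }
}

# Placeholder path and host name: substitute the file saved by the wizard and
# the fully qualified domain name on the certificate being renewed.
Test-CsrBeforeSubmit -Path 'C:\certreq.txt' -ExpectedCommonName 'www.example.com'
```

If `ReadyToSubmit` is false, regenerate the request on the temporary Web site rather than submitting it.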

    TN7902

    Affected Products:

    • Entrust Certificate Services 1 Year Advantage SSL Certificate (Version: Not Applicable; Language: Not Applicable; Platform: Not Applicable)