For Microsoft IIS
When renewing a certificate, IIS will generate a CSR identical to the original request. You may want to change this information in the following circumstances:
- You are renewing a certificate and you need to change the distinguished name (DN) information in your CSR.
- You are renewing a certificate and you need to change the key bit length of your CSR.
- You are renewing a certificate with Entrust that was originally issued by another Certification Authority (CA).
Solution:
In order to make changes to your original request, you must create a temporary Web site in IIS and use it to generate the CSR. Follow the procedures below.
This process is in two parts:
1) Generate the Certificate Signing Request from a temporary web site
2) Install the new certificate
Parte 1 di 2: Generate the Certificate Signing Request from a Temporary Web Site
-
Launch the Internet Services Manager:
Select Start /All Programs/ Administrative Tools/ Internet Information Services
-
Right-click the
Web Sites
folder in the left preview pane. Select
New
, and then
Web Site
.
-
The Web Site Creation Wizard appears. Click
Next
.
-
Provide a description for the web site and click
Next
.
-
Enter a dummy IP Address (i.e.
1.1.1.1
) for the web site. Keep the default TCP Port and Host Header settings. Click
Next
.
-
Supply a path for the Web site home directory and click
Next.
-
Click
Next
to accept the default
Web Site Access Permissions
.
-
Click
Finish
to complete the Web Site Creation Wizard.
-
Your new Web site now appears in the IIS Manager window under
Web Sites
. Right-click the Web site and select
Properties
.
-
Click the
Directory Security
tab, and click
Server Certificate
.
-
The Certificate Wizard appears. Click
Next
.
-
Select
Create a new certificate
and click
Next
.
-
Select
Prepare the request now, but send it later
and click
Next
.
-
Supply a friendly name for your certificate. Choose a bit-length of 2048 and click
Next
.
-
Supply the name of your company or organization in the field provided. If relevant, supply the name of your division or department in the Organizational Unit field provided. Click
Next
.
-
Supply the Common Name of your Web server in the field provided.
This name must match the fully qualified domain name on the certificate being renewed
. Click
Next
.
-
Supply a
Country/Region
,
State/province
and
City/locality.
Click
Next
.
-
Supply a
File name
in which to save your Certificate Signing Request (CSR) and click
Next
.
-
Review the
Request File Summary
, then click
Next
to generate the file.
Parte 2 di 2: Install the new certificate
After receiving the new certificate from Entrust, follow the steps below to install it on the Web server:
- Click Finish to complete the Certificate Wizard.
- Use the CSR you have generated (certreq.txt) to submit the renewal request to Entrust.
- Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your server.
-
Launch the Internet Services Manager:
Select Start > All Programs > Administrative Tools > Internet Information Services.
-
Right-click the temporary Web site from the left preview pane and select
Properties
.
-
Click the
Directory Security
tab, and click
Server Certificate
.
-
The Certificate Wizard appears. Click
Next
.
-
Select
Process the pending request and install the certificate
and click
Next
.
-
Browse to the location of your Server Certificate file and click
Next
.
-
Specify SSL port 443 and click
Next
.
-
Review the Certificate Summary, then click
Next
to install the certificate.
-
Click
Finish
to complete the certificate installation on the temporary Web site.
-
In the left preview pane of the IIS Manager window, locate the Web site that has the original server certificate. Right-click this web site and select
Properties
.
-
Click the
Directory Security
tab, and select
Server Certificate
.
-
The Certificate Wizard appears. Click
Next
.
-
Select
Replace the current certificate
and click
Next.
-
From the list of available certificates, select the certificate installed to the temporary Web site and click
Next.
-
Review the Certificate Summary, then click
Next
to install the certificate.
-
Click
Finish
to complete the certificate installation.
-
You can now delete the temporary Web site because it is no longer needed. Removing the temporary site will not affect your new certificate.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Paese | Number |
Australia |
0011 - 800-3687-7863
1-800-767-513 |
Austria | 00 - 800-3687-7863 |
Belgio | 00 - 800-3687-7863 |
Danimarca | 00 - 800-3687-7863 |
Finlandia |
990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet) |
Francia | 00 - 800-3687-7863 |
Germania | 00 - 800-3687-7863 |
Hong Kong |
001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax) |
Irlanda | 00 - 800-3687-7863 |
Israele | 014 - 800-3687-7863 |
Italia | 00 - 800-3687-7863 |
Giappone |
001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
Corea del Sud |
001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom) |
Malesia | 00 - 800-3687-7863 |
Paesi Bassi | 00 - 800-3687-7863 |
Nuova Zelanda |
00 - 800-3687-7863
0800-4413101 |
Norvegia | 00 - 800-3687-7863 |
Singapore | 001 - 800-3687-7863 |
Spagna | 00 - 800-3687-7863 |
Svezia |
00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2) |
Svizzera | 00 - 800-3687-7863 |
Taiwan | 00 - 800-3687-7863 |
Regno Unito |
00 - 800-3687-7863
0800 121 6078 +44 (0) 118 953 3088 |