メインコンテンツまでスキップ

Certificate Signing Request (CSR) Help: Steps to create a new CSR while another certificate is currently installed?

User-added image
For Microsoft IIS

When renewing a certificate, IIS will generate a CSR identical to the original request. You may want to change this information in the following circumstances:

  • You are renewing a certificate and you need to change the distinguished name (DN) information in your CSR.
  • You are renewing a certificate and you need to change the key bit length of your CSR.
  • You are renewing a certificate with Entrust that was originally issued by another Certification Authority (CA).

Solution:

In order to make changes to your original request, you must create a temporary Web site in IIS and use it to generate the CSR. Follow the procedures below.

This process is in two parts:
1) Generate the Certificate Signing Request from a temporary web site
2) Install the new certificate

Part 1 of 2: Generate the Certificate Signing Request from a Temporary Web Site

  1. Launch the Internet Services Manager:
    Select Start /All Programs/ Administrative Tools/ Internet Information Services
  2. Right-click the Web Sites folder in the left preview pane. Select New , and then Web Site .


  • The Web Site Creation Wizard appears. Click Next .
  • Provide a description for the web site and click Next .


  • Enter a dummy IP Address (i.e. 1.1.1.1 ) for the web site. Keep the default TCP Port and Host Header settings. Click Next .
  • Supply a path for the Web site home directory and click Next.


  • Click Next to accept the default Web Site Access Permissions .


  • Click Finish to complete the Web Site Creation Wizard.


  • Your new Web site now appears in the IIS Manager window under Web Sites . Right-click the Web site and select Properties .

  1. Click the Directory Security tab, and click Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Create a new certificate and click Next .


  • Select Prepare the request now, but send it later and click Next .


  • Supply a friendly name for your certificate. Choose a bit-length of 2048 and click Next .


  • Supply the name of your company or organization in the field provided. If relevant, supply the name of your division or department in the Organizational Unit field provided. Click Next .


  • Supply the Common Name of your Web server in the field provided. This name must match the fully qualified domain name on the certificate being renewed . Click Next .


  • Supply a Country/Region , State/province and City/locality. Click Next .


  • Supply a File name in which to save your Certificate Signing Request (CSR) and click Next .


  • Review the Request File Summary , then click Next to generate the file.


Part 2  of 2: Install the new certificate

After receiving the new certificate from Entrust, follow the steps below to install it on the Web server:

  • Click Finish to complete the Certificate Wizard.
  • Use the CSR you have generated (certreq.txt) to submit the renewal request to Entrust.
  1. Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your server.

  • Launch the Internet Services Manager:
    Select Start > All Programs > Administrative Tools > Internet Information Services.

  • Right-click the temporary Web site from the left preview pane and select Properties .


  • Click the Directory Security tab, and click Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Process the pending request and install the certificate and click Next .


  • Browse to the location of your Server Certificate file and click Next .


  • Specify SSL port 443 and click Next .


  • Review the Certificate Summary, then click Next to install the certificate.


  • Click Finish to complete the certificate installation on the temporary Web site.
  • In the left preview pane of the IIS Manager window, locate the Web site that has the original server certificate. Right-click this web site and select Properties .


  • Click the Directory Security tab, and select Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Replace the current certificate and click Next.


  • From the list of available certificates, select the certificate installed to the temporary Web site and click Next.


  • Review the Certificate Summary, then click Next to install the certificate.


  • Click Finish to complete the certificate installation.


  • You can now delete the temporary Web site because it is no longer needed. Removing the temporary site will not affect your new certificate.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Number
オーストラリア 0011 - 800-3687-7863
1-800-767-513
オーストリア 00 - 800-3687-7863
ベルギー 00 - 800-3687-7863
デンマーク 00 - 800-3687-7863
フィンランド 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
フランス 00 - 800-3687-7863
ドイツ 00 - 800-3687-7863
香港 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
アイルランド 00 - 800-3687-7863
イスラエル 014 - 800-3687-7863
イタリア 00 - 800-3687-7863
日本 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
マレーシア 00 - 800-3687-7863
オランダ 00 - 800-3687-7863
ニュージーランド 00 - 800-3687-7863
0800-4413101
ノルウェー 00 - 800-3687-7863
シンガポール 001 - 800-3687-7863
スペイン 00 - 800-3687-7863
スウェーデン 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
スイス 00 - 800-3687-7863
台湾 00 - 800-3687-7863
英国 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088