Security Certificate Tips and Tricks: Renewing Your SSL Certificate in Microsoft IIS 5/6 Servers
Renewing in IIS 5/6 Without Downtime
This article presents a workaround for IIS server administrators who need to change the details of an existing SSL certificate without downtime on a secure site. The issue was resolved in IIS 7. For help renewing your IIS 7 certificate please refer to our IIS 7 CSR creation instructions.
Server administrators frequently have problems with downtime when changing the details of an existing certificate in Microsoft IIS 5 or 6. When generating a certificate signing request (CSR) in IIS for an unsecured website you will either have the option to create a new certificate or else assign or import an existing certificate. However, once a website is secured a user will only have the options to renew, remove, or replace the existing certificate.
Though renewing the certificate will generate a new CSR, it will only allow you to create a request identical to the current certificate. None of the certificate details can be changed. Because of this, it is common to remove the existing certificate, restart the wizard, and choosing the option to create a new certificate. This has the advantage of allowing the details in the certificate request to change, while having the disadvantage of leaving the website unsecured or unavailable (sometimes only for a few minutes, but potentially several hours or even several days) before a new certificate can be issued.
The best workaround is to generate a CSR with the desired details from a second website on the same server.
The website should not be a publicly accessible site, and can be created specifically for this purpose (see our instructions
After creating the CSR, submitting it to DigiCert, and receiving your certificate file back, you can use our SSL installation instructions to install your certificate to the pending request of the website from which the CSR was generated. Then you will be able to seemlessly transfer the files to the desired website by going to that website's properties, clicking the directory security tab, clicking the server certificate button, and selecting the option to assign an existing certificate.
SSL Certificate Tips and Tricks: Renewing in IIS 5/6 Without Downtime
Learn how to change the details of your SSL Certificate in IIS 5 and IIS 6 without server downtime.
