Re: Replacing SSL Cert in IIS 5 w/no downtime?

From: Miha Pihler [MVP] (
Date: 01/17/05

  • Next message: Miha Pihler [MVP]: "Re: Making Security Alert popup go away"
    Date: Mon, 17 Jan 2005 23:52:33 +0100

    Hi Chris,

    You should be able to generate new CSR with existing certificate working
    while you wait for new one.

    If you for some reason can't do that, you can always create new virutal
    website on your server and point it to new temporary directory. On this site
    create a request for new certificate. Once you get the certificate back from
    your certificate vendor process the request as usual on temporary site. Now
    you have an option to assign this certificate to your old site with
    practical no down time.

    If you want you could do this whole process on completely separate computer.
    Once you get new certificate, export it (with private key -- *.pfx) and
    import it to your web server and assign it to your SSL protected web site.

    I hope this helps...

    Microsoft MVP - Windows Security
    "Chris H" <> wrote in message 
    >I have a SSL cert on a website in IIs 5
    > I need to replace it with a new one. The only way I can see to generate 
    > the CSR
    > is to get rid of the current one and then I can generate a CSR for a new 
    > one.
    > The whole company though, points to https://
    > For the 24 hours from when I remove the old one and install the new one 
    > there
    > will be problems for everyone . . .
    > is there a way to generate a CSR for a new cert and leave the old one in 
    > place until
    > the new cert is ready?
    > Cheers!
    > Chris 

  • Next message: Miha Pihler [MVP]: "Re: Making Security Alert popup go away"