Re: Replacing SSL Cert in IIS 5 w/no downtime?

From: Miha Pihler [MVP] (
Date: 01/17/05

  • Next message: Miha Pihler [MVP]: "Re: Making Security Alert popup go away"
    Date: Mon, 17 Jan 2005 23:52:33 +0100

    Hi Chris,

    You should be able to generate new CSR with existing certificate working
    while you wait for new one.

    If you for some reason can't do that, you can always create new virutal
    website on your server and point it to new temporary directory. On this site
    create a request for new certificate. Once you get the certificate back from
    your certificate vendor process the request as usual on temporary site. Now
    you have an option to assign this certificate to your old site with
    practical no down time.

    If you want you could do this whole process on completely separate computer.
    Once you get new certificate, export it (with private key -- *.pfx) and
    import it to your web server and assign it to your SSL protected web site.

    I hope this helps...

    Microsoft MVP - Windows Security
    "Chris H" <> wrote in message 
    >I have a SSL cert on a website in IIs 5
    > I need to replace it with a new one. The only way I can see to generate 
    > the CSR
    > is to get rid of the current one and then I can generate a CSR for a new 
    > one.
    > The whole company though, points to https://
    > For the 24 hours from when I remove the old one and install the new one 
    > there
    > will be problems for everyone . . .
    > is there a way to generate a CSR for a new cert and leave the old one in 
    > place until
    > the new cert is ready?
    > Cheers!
    > Chris 

  • Next message: Miha Pihler [MVP]: "Re: Making Security Alert popup go away"

    Relevant Pages

    • Re: Primary key backup
      ... Anywhere, now make sure you have no cert now, since the ... > I am getting a reissue from my vendor, as I was not able to deploy the> certificate which I got from them ... > here are the details of my scenario> I have a web site running with an SSL certificate ... > -I used the certificate wizard on the new web site by giving the actual> details and generated a CSR. ...
    • Re: SBS 2003 R2 + UCC Certicifate Woes
      ... If you create a CSR with only one CN and then have the certificate created with SANs that the CSR did not contain then you get a mismatch because the certificate provider doesn't actually have your private key, they only have your CSR...which is derived from your key and the data you provide. ... this isn't an IIS or even Windows limitation. ... using the Certificates MMC snap-in and replaced the cert used by the ...
    • E2k7 Zertifikate (CSR mit openSSL signieren)
      ... Auf diesem habe ich eine RootCA und eine ServerCA etabliert. ... Mit New-ExchangeCertificate erzeuge ich jetzt ein Zertifikatsrequest (CSR) und stelle diesen der openSSL Server CA zum signieren bereit. ... certificate = $dir/ServerCA.cert.pem ...
    • Strange SSL problems
      ... I recently generated a CSR for a customer. ... I could view the certificate and it looked good from within IIS. ... The screen said that there was a private key present. ... I can always generate the CSR and install the certificate on another system ...
    • SBS2003, Mobile 5 and multiple certificates
      ... Microsoft 2003 SBS environment which runs IIS 6.0. ... appears to be part of the default website within IIS. ... In order to deploy Mobile 5 I wanted to use a 3rd party certificate ... Both the default site and CSR are using port 443 - when I restart ...