How Can We Help?

How to create a CSR without removing your current certificate in IIS

You are here:

Currently, the renewal option in IIS 5.x / 6.x does not work as intended most of the time. Because IIS does not allow your site, which is currently running SSL, to generate a Certificate Signing Request (CSR) without removing the existing certificate. For most websites, this is not a viable option because the SSL portion of your website is inactive until the new certificate is set up. To get a certificate for your existing website, you need to do the following.

Note: You may want to print this page for your records.

(In IIS-Admin)


1. Create a temporary site in IIS.

Note: If you're not sure how to do this step, please read the first section in the "Related Articles" section.

2. Right-click the newly created site and click Properties.

3. Click the Directory Security tab, and then click the Server Certificate button.

(Enter Server Certificate Assistant)

4. Go through the wizard and enter exactly the same information that you have in your existing certificate.

Please note: Examples of common names:,, etc.

5. Send the CSR to

6. Install the certificate by processing the pending request on the temporary site created in step 1.

Please note: If you are not familiar with installing SSL certificates on IIS, click here for instructions.

(Auf der Produktionswebsite)

7. Right-click the production site and click Properties.

8. Click the Directory Security tab, and then click the Server Certificate button.

(Go to the server certificate wizard on the production website)

9. Select Replace current certificate and click Next.

10. Click Next until you exit the wizard.

Please note: A typical site is bound to port 443 with a unique IP address at https.

11. You can now delete the temporary location after you have installed your certificate!

Table of Contents