SSL – How to renew SSL on IIS7 with No Downtime

iis, iis-7, ssl

Our Windows 2008 IIS7 web server has a wildcard SSL that is about to expire. The CSR that is automatically generated is too long and not accepted by my CA – nothing I can do about that. My main concern is avoiding any downtime. My secondary concern is that I am not a network / server admin, so my fear of having to follow a lengthy manual process is quite keen.

When I go to the Server Certificates in IIS I see a list of 2. One is 'my' SSL and the other is a self-signed cert from the server. If I go through the 'Create Certificate Request' wizard and create a new CSR with the same details what will happen? Will it automatically disable the existing cert or will it keep the new one pending and the old one active until I complete the process and swap them over?

Apologies if that isn't as clearly explained as I may have wanted.

Best Answer

Generating a new CSR has no effect on the current certs. They will still be bound to the site and continue to be valid until they expire, or until you replace them with the new one.
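
A read-only way to confirm this on the server, run once before and once after creating the CSR (an added example, not part of the original answer; it assumes English-language `netsh` output and that the site certificate lives in the `LocalMachine\My` store):

```powershell
# Read-only checks; run from an elevated PowerShell prompt on the web server.
# Nothing here changes a certificate, a request or a binding.

# 1. Installed machine certificates and their expiry dates.
$installed = Get-ChildItem Cert:\LocalMachine\My
$installed | Sort-Object NotAfter |
    Format-Table Subject, Thumbprint, NotAfter -AutoSize

# 2. Pending requests. A CSR created by the IIS wizard is kept in the
#    "Certificate Enrollment Requests" store (internal name REQUEST),
#    separate from the installed certificates listed above.
Get-ChildItem Cert:\LocalMachine\REQUEST |
    Format-Table Subject, Thumbprint -AutoSize

# 3. What HTTP.SYS is actually serving: map each SSL binding's certificate
#    hash back to an installed certificate. (Assumption: English netsh
#    output, where the labels are "IP:port" / "Hostname:port" and
#    "Certificate Hash".)
$endpoint = $null
foreach ($line in (netsh http show sslcert)) {
    if ($line -match '^\s*(IP|Hostname):port\s*:\s*(\S+)') {
        $endpoint = $Matches[2]
    }
    elseif ($line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
        $hash = $Matches[1].ToUpper()
        $cert = $installed | Where-Object { $_.Thumbprint -eq $hash }
        if ($cert) {
            $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
            "{0}  {1}  {2}  expires {3:yyyy-MM-dd} ({4} days left)" -f `
                $endpoint, $hash, $cert.Subject, $cert.NotAfter, $daysLeft
        }
        else {
            # Bound hash has no match in LocalMachine\My; worth investigating.
            "{0}  {1}  not found in LocalMachine\My" -f $endpoint, $hash
        }
    }
}
```

If the thumbprints printed in step 3 are identical before and after the CSR is created, the live binding was not touched; the only difference should be a new entry under step 2.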