Renewing a wildcard SSL certificate in IIS 6 (1024 to 2048 bit)

I currently have a wildcard SSL certificate running on IIS 6 that needs to be renewed. The new certificate bit-strength is now 2048 (the current one that needs to be renewed is 1024). Is there any easy way to get a certificate request file that is 2048 bit when renewing from a 1024?

I don't see the option to change bit strength for renewing an SSL certificate (I only see this when creating a totally new one from scratch).


I recently had to do this very same thing, and the way I did it was to remove the current certificate completely and then add a new certificate fresh; otherwise, I could not figure out how to update the CSR from 1024 to 2048, which is now a requirement.

So, to answer your question, remove the current certificate first (this might be tricky if it's a busy online store), then go through the wizard and switch the CSR from 1024 to 2048.

Not the best answer, I know, but the only one I could seem to find right off (and the easiest).

Be warned about trying to get clever with this one. I just got myself in a big mess trying to do exactly this same thing without any downtime.

What I did was:

  • Created another website and generated a cert request for that. Made sure to put in the correct common name when generating the request.

  • I downloaded the certificate that was generated and installed it in my 'Personal' certificates for the Local Computer account (after adding the certificate snap-in).

  • Did 'replace' on the main website for the certificate and chose the new updated one.

I ended up getting this error (as reported by Chrome) when accessing the https site.

(net::ERR_SSL_PROTOCOL_ERROR): Unknown error

After playing around and switching back to the original certificate I ended up just removing it and re-keying the certificate. It only led to 1-2 minutes of downtime.

I do think that if you do what I was attempting in the correct order you'd be fine. I think you need to export the .pfx file and then import that. I think what's happening is the original server didn't have the correct private key or something like that and was getting confused.

So I'm upvoting calweb :-)
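
The answer above suspects that the replacement certificate had no matching private key on the server. As an added example (not part of any answer on this page), this PowerShell check lists the certificates in the Local Computer 'Personal' store for one common name and flags a missing private key, a key shorter than 2048 bits, or an expired certificate. The common name is a placeholder, and the script assumes PowerShell is installed on the server.

```powershell
# Added example. Assumed placeholder: the common name used in the certificate request.
$CommonName     = '*.example.com'
$MinimumKeyBits = 2048

function Test-ServerCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinimumBits = 2048
    )
    $problems = @()

    # A certificate installed on a machine that does not hold the key generated
    # with the request has no private key and cannot be used for an SSL handshake.
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key' }

    # Reading the key size can fail for non-RSA/DSA keys, so report that instead.
    $keyBits = $null
    try   { $keyBits = $Certificate.PublicKey.Key.KeySize }
    catch { $problems += 'key size unreadable' }
    if ($keyBits -ne $null -and $keyBits -lt $MinimumBits) {
        $problems += "key is only $keyBits bits"
    }

    if ($Certificate.NotAfter -lt (Get-Date)) { $problems += 'expired' }

    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        KeyBits    = $keyBits
        PrivateKey = $Certificate.HasPrivateKey
        Problems   = ($problems -join '; ')
    }
}

# Cert:\LocalMachine\My is the Local Computer 'Personal' store shown in the snap-in.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject.Contains("CN=$CommonName") } |
    ForEach-Object { Test-ServerCertificate -Certificate $_ -MinimumBits $MinimumKeyBits } |
    Select-Object Thumbprint, NotAfter, KeyBits, PrivateKey, Problems |
    Format-Table -AutoSize
```

A certificate with an empty Problems column is the one to select when replacing the certificate on the website.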

Here's a Microsoft KB article explaining how to do it. Seems similar to what Simon tried:
