Generate Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate
Solution ID:    SO3881
Version:    6.0
Published:    December 13, 2007
Updated:    February 25, 2009


Change CSR information without losing the current certificate
Generate CSR without overwriting the current certificate
Create renewal CSR with changes


This article describes how you can create a new Certificate Signing Request (CSR) or generate a Renewal Request without having to remove the existing certificate from your web site.
To Generate Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate, requires you to do the following: 
A. Generate a temporary web site.
NOTE:  When you create the temporary web site, you do not need to assign an IP address and port number. You only have to give it read and write permissions and create a temporary folder in your hard drive and save it there.

B. Generate the pending request and CSR on the Temporary web site.

C. After receiving the certificate, install the certificate to the Temporary web site.

D. On the actual web site, replace the certificate with the newly installed certificate.
Instructions for 'work around': 
1. In IIS right click the Default Web Site and click on New --> Site
2. Create a new site. You can give it a temporary name. 
3. Right click on this new site and go to Properties --> Directory Security --> Server certificate
4. Select Create a new certificate and follow the wizard to create a new CSR. Please refer to the following solution: SO2657 
5. Backup the Private Key file. Very important: if no backup is made and the Private Key is lost, the certificate issued will not work. The Private Key backup instructions can be found in the following solution SO1699 
6. Although a new csr was generated, you are still required to go through the normal renewal process with that new csr. The renewal can be completed with the assistance of the following solution: SO881
 When you receive the certificate back, right click on this temporary site and go to Properties --> Directory --> Security --> Server certificate and follow the wizard to process the pending request.
7. Once the certificate has been installed, go to the correct website and right click Properties --> Directory Security --> Server certificate.
8. Select the option Replace the current certificate
9. You will then be able to select the certificate that you have just installed. 
10. Once installed we strongly advise you to make a backup of your certificate with its corresponding private key. View Solution SO1707
11. You can now delete the temporary site that you created previously. 
The official Microsoft article explaining this process can be found at Microsoft Knowledge Base Article: "How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed" utilizing this URL: