To generate a Certificate Signing Request (CSR) for Server 2003 – IIS 6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made.
Note: All certificates issued by a Certificate Authority must be SHA2/SHA256 algorithm due to industry standards by governing entities. IIS 6 Server 2003, has been known to not understand this Algorithm. Installing a SHA2 certificate on your outdated system may not work. You may have to contact Microsoft for the best possible resolution.
Note: Microsoft ended support for Windows Server 2003 IIS 6 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.
Note on renewals: On IIS 6 systems there is an option to renew an existing certificate that is already bound to a website. This option will pull the existing information from the current certificate such as bit length, common name, etc.. and generate a new CSR. If Any information is changing such as common name or bit length then you will not be able to use the renewal option.
If you are changing this information then you will have to create a temporary dummy website so that you do not need to remove the existing key-pair on the website in question in order to generate a new CSR. Please follow our instructions on CSR/Install Instructions for Renewals without removing the existing certificate.
To generate a renewal CSR for Server 2003 IIS 6 perform the following.
Step 1: Generating your Renewal CSR:
- Click Start > All Programs > Administrative Tools > Internet Information Services Manager.
- In IIS Manager, double-click the local computer > Web Sites folder.
- Right-click the corresponding Web site to renew the SSL certificate on.
- Click Properties > Directory Security > Server Certificate.
- On the Welcome to the Web Server Certificate Wizard window, click Next.
- Select Renew the current certificate.
- Select Prepare the request now, but send it later.
- Click Next.
- Specify a file name and path to save the request file.
- Verify the contents of the request
- Click Next
- Click Finish.
Note: Upon completing the Certificate Wizard, it is important to leave the request pending for successful certificate installation on the website. DO NOT delete the pending request from the Certificate Wizard on the website. Doing so will prevent installation of the certificate that is returned.
Your CSR request has been created from your Server 2003 – IIS 6 system and is ready for you to copy and paste its contents into the enrollment portal.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
For Server 2003 IIS 6 – certificate installation instructions click here
For more information refer to Microsoft