Tuesday, January 5, 2010

Renewing 1024-bit SSL Certificates to 2048 or 4096 bit length.

I recently ran into an issue when attempting to renew an SSL certificate that was issued using a CSR with a key length of 1024 bits. Basically, new CSRs need to be either 2048 or 4096 bits in length. What does this mean?

It means that you cannot renew the certificate using conventional methods, although this should be simple.

At this point there are 2 options.


1. Recreate your certificate from scratch. Yes, this means you will need to remove the current certificate and create a new CSR with either a 2048 or 4096 bit length. Once this has been done you can add that CSR to the request and receive the new certificate. Remember that this option would cause downtime if you have any secure pages or any shopping carts, as those secure pages will not work while you are regenerating the certificate.

2. Option 2 is to create a new temporary website and create a new SSL certificate using the same information as the one created for the existing site. Remember to change the key length to either 2048 or 4096. Once you have created the new CSR, ensuring that it was done correctly, you should be able to process the renewal and add the certificate to the live site.

Remember, if you opt to use option 2 then it is extremely important that you enter the correct information when generating the CSR or you will get errors when processing the certificate.
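One way to check the new CSR before submitting it for renewal, as an added example that is not part of the original post: the function compares the CSR's subject with the certificate on the live site and confirms the key length. The function name, file path and thumbprint are placeholders, and it assumes Windows PowerShell on the IIS server with the live certificate in the computer's Personal store.

```powershell
# Added example (not from the original post). Run in Windows PowerShell on the IIS server.
function Test-RenewalCsr {
    param(
        [Parameter(Mandatory)] [string] $CsrPath,     # CSR file saved by the IIS wizard
        [Parameter(Mandatory)] [string] $Thumbprint,  # thumbprint of the certificate on the live site
        [int] $MinimumKeyBits = 2048                  # 2048 or 4096, per the renewal requirement
    )

    # Certificate currently installed for the live site (computer store, Personal).
    $live = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Decode the PKCS #10 request with the Windows certificate enrollment COM API.
    $XCN_CRYPT_STRING_BASE64     = 1
    $XCN_CRYPT_STRING_BASE64_ANY = 6   # base64 with or without BEGIN/END lines
    $csr = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $csr.InitializeDecode((Get-Content -Path $CsrPath -Raw), $XCN_CRYPT_STRING_BASE64_ANY)

    # Render both subjects with the same .NET formatter so the strings are comparable.
    $dnBytes = [Convert]::FromBase64String($csr.Subject.EncodedName($XCN_CRYPT_STRING_BASE64))
    $csrDn   = New-Object System.Security.Cryptography.X509Certificates.X500DistinguishedName -ArgumentList (,$dnBytes)
    $csrSubject  = $csrDn.Name
    $liveSubject = $live.SubjectName.Name

    # Public key length of the request, in bits.
    $keyBits = $csr.PublicKey.Length

    [pscustomobject]@{
        LiveSubject   = $liveSubject
        CsrSubject    = $csrSubject
        SubjectsMatch = ($liveSubject -eq $csrSubject)   # -eq ignores case
        CsrKeyBits    = $keyBits
        KeyLengthOk   = ($keyBits -ge $MinimumKeyBits)
    }
}

# Placeholder values; substitute your own CSR path and thumbprint.
Test-RenewalCsr -CsrPath 'C:\temp\certreq.txt' -Thumbprint '<THUMBPRINT-OF-LIVE-CERT>'
```

Submit the CSR only when both `SubjectsMatch` and `KeyLengthOk` are `True`.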

This is just an overview of how to correct this issue; a guide on creating or renewing an SSL certificate on IIS will be coming soon.

2 comments:

  1. This is useful common sense info, but won't both options result in downtime? Can't you also renew whilst the other SSL cert is still operational and hasn't yet expired?

  2. Sorry for the really delayed response. Unfortunately no, but it is the only way to correct the SSL bit length issue. If you have access to the administrative email address which can verify the SSL request then you should only have about 15 mins of downtime, from the time that you set up the request to installing it on IIS.
