Skip to main content

Cornell University

Generate SSL Certificate Signing Requests

Questions about how to generate a Certificate Signing Request (CSR) file in Microsoft IIS and other platforms

This article applies to: SSL Server Certificate

In This Article

Generate a Certificate Signing Request (CSR) file in Microsoft IIS 6.0 Without Removing the Existing Certificate

To generate a new CSR without removing the current certificate, a temporary website must be created. This workaround will apply for IIS servers that currently have certificates installed, but a new CSR (with different key size,etc) needs to be created. Creating a temporary website allows you to keep a current certificate active on the site while another certificate request is pending.

Step 1: Generate a Certificate Signing Request (CSR) file without removing the existing certificate

  1. Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Right-click Web Sites.
  3. Select New > Web Site.
  4. The Web Site Creation Wizard will open. Enter Temporary as the web site name, then click Next.
  5. Note: In the Wizard, simply bypass all settings by clicking Next. However, you will need to specify a path. The directory you select is completely arbitrary and will not affect the CSR generation.
  6. Click Finish.
  7. Note: The temporary web site does not need to be started for this process.
  8. Right click , select Properties > Directory Security > Server Certificate.
  9. Select Create a New Certificate.
  10. Note: choose 2048 bit key length. In Common name field, enter the domain name of the site that you are going to renew the SSL cert for.
  11. Click Finish.

Step 2: Install SSL certificate

Once you receive the new certificate, download it, then:

  1. Right-click the temporary site > select Properties > Directory Security > Server certificate.
  2. Select Process the Pending Request.
  3. Complete the wizard to install the certificate.
  4. Right-click the production site, then select Properties > Directory Security > Server certificate.
  5. Select Replace the current certificate.
  6. Select the certificate that you have just installed, then click Finish.
  7. Stop and Start the website.

Generate a Certificate Signing Request (CSR) for Other Platforms

Visit the Sectigo Support site. 

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.