IIS7 Certificate Renewal Process Generates Invalid CSR

When using the Renew Option in IIS Manager>Server Certificates, a longish CSR (Certificate Signing Request) is created but when submitting it to your certificate authority it is rejected, as the CSR is invalid. imageGodaddy might give you a message like "Unable to extract CSR information", so you this tool to check your CSR and the invalid parts are underlined in red. It seems IIS7 tries to generate a key with a length of 4096 bits even when renewing a 1024 bit certificate. This issue is likely a bug in IIS7, see this post and discussion for more info. It might be advisable to create a new 4096 bit certificate and next time the renewal might work, especially when Microsoft issues a fix.

EV SSL: I have had lots of issues with IIS7 i think im going to give it one more try with the tool and them i redoing the server from scratch.

Posted: 08 March 2009

comments powered by Disqus