Dirk Bergmann

Developer, panographer. Does consultancy work from own company. Lives in Chiang Mai, Thailand.


Chiang Mai

Hua Hin

Thailand Hotels

ListVote - List. Vote. Learn.

Partnerseek - Find Partners

IIS7 Certificate Renewal Process Generates Invalid CSR

When using the Renew Option in IIS Manager>Server Certificates, a longish CSR (Certificate Signing Request) is created but when submitting it to your certificate authority it is rejected, as the CSR is invalid. imageGodaddy might give you a message like "Unable to extract CSR information", so you this tool to check your CSR and the invalid parts are underlined in red. It seems IIS7 tries to generate a key with a length of 4096 bits even when renewing a 1024 bit certificate. This issue is likely a bug in IIS7, see this post and discussion for more info. It might be advisable to create a new 4096 bit certificate and next time the renewal might work, especially when Microsoft issues a fix.


EV SSL: I have had lots of issues with IIS7 i think im going to give it one more try with the tool and them i redoing the server from scratch.