05 January 2010 11:19
Time to renew one of the SSL certificates on the new server. The transfer from IIS 6- > IIS 7 was far too stratight forward, the new Web Depoly feature transfered the existing cerificates without any problems, so renewal should be simple. Well NO. There is a renewal button at the top level in IIS 7 - simply prompts for the file to store the new request - no other options, so stored the new certificate request. Go online to RapidSSL, open the file, cut and paste the request to the text box and click next. Ops - Error, invalid request. OK, repeat process and scroll down the box and now this is strange, the request is to large to fit in the text box, and by the way it's large !! Ok Microsoft, what have you changed. Looks like we are now generating certificate request that are not compatible with 3rd party certificate issuers - even Verisign, well just great. Guess we now have a bit length of 4096 in the CSR, while the industry uses 1024 or 2048, nice.....
So the solution is to generate a new certificate request, not a renewal, fill in the all the fields and then generate a regular (small) request, and away we go.
So Microsoft, why not give the option to generate a 'regular' certificate request which is compaible woth the rest of the industry ?