Knowledgebase

The CSR can contain any of the following fields, but the three marked Mandatory must be included for the CSR to be successful, please note that Windows IIS will not allow you to include the Email Address field in your CSR.

• Organization (Mandatory)
• Organizational Unit
• Locality (City)
• State/Province
• Country (2 character code) (Mandatory)
• Common Name. For example: Fully-Qualified Domain Name, IP address, Internal Server name (Mandatory)
• Email Address

Another possibility is that the CSR contains illegal characters in the fields shown above. They must contain alpha-numeric characters only, accept obviously your Common Name or Email address, which may also include the '@' symbol and the '.' symbol.

Make sure your CSR begins with 5 dashs and ends with 5 dashs as below:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

If you are renewing your SSL certificate you must create a new CSR, you cannot simply use the previous CSR because a new Pending Request and Private key must be generated on your web server for the entire process to work.

For those renewing using IIS you cannot use the 'renew certificate' option on IIS, but must instead create a new CSR