Our current SSL EV certificate is expired in a few weeks and I need to buy a new one.
When I generate a CSR (Certificate Signing Request), it appears to generate a new key and install it immediately (replacing the old one). And uses a temporary Shared Server Certificate for the time being. This is of course NEVER supposed to happen, because now the site appears to be insecure/untrusted when people visit it (shared certificate is not CA certified).
I now quickly restored this by putting back the previous SSL EV certificate + they corresponding Key, which I fortunately still had saved, although I can't find out anymore how I actually got that Key.
My question: how can I generate a CSR and the corresponding Key, allowing me to save the CSR + Key but not install/activate it yet.
This would allow me to then complete the SSL purchasing process (including company verification etc because we're using an SSL EV certificate), and once I receive the certificate, I can install + activate that along with the previously generated Key.
When I generate a CSR (Certificate Signing Request), it appears to generate a new key and install it immediately (replacing the old one). And uses a temporary Shared Server Certificate for the time being. This is of course NEVER supposed to happen, because now the site appears to be insecure/untrusted when people visit it (shared certificate is not CA certified).
I now quickly restored this by putting back the previous SSL EV certificate + they corresponding Key, which I fortunately still had saved, although I can't find out anymore how I actually got that Key.
My question: how can I generate a CSR and the corresponding Key, allowing me to save the CSR + Key but not install/activate it yet.
This would allow me to then complete the SSL purchasing process (including company verification etc because we're using an SSL EV certificate), and once I receive the certificate, I can install + activate that along with the previously generated Key.