IIS: Disappearing SSL Certificate Problem Resolved


I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.

My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.

From there simply select the .pfx file, enter the password used when creating the file, and you are good to go.
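
A quick check for the condition described above, as an added example that is not part of the original post: it lists the certificates in the machine Personal store and shows which ones have no private key associated with them. The function name and output columns are hypothetical; run it in PowerShell on the IIS server.

```powershell
# Added example: report, for each certificate in the machine Personal store,
# whether a private key is associated with it on this server.
function Get-ServerCertKeyStatus {
    param(
        # Assumption: the machine "Personal" store that the post inspects with MMC.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # A certificate without an EKU extension is not restricted to any purpose.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $forServerAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid)

        # Explain the most likely reason a certificate is not usable for HTTPS.
        $note = if (-not $cert.HasPrivateKey) {
            'public key only: import a .pfx that contains the private key'
        } elseif ($cert.NotAfter -lt (Get-Date)) {
            'expired'
        } elseif (-not $forServerAuth) {
            'not issued for Server Authentication'
        } else {
            'ok'
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Note          = $note
        }
    }
}

# Certificates without a private key sort to the top.
Get-ServerCertKeyStatus | Sort-Object HasPrivateKey | Format-Table -AutoSize
```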

Posted in IIS, Security.

10 Responses to “IIS: Disappearing SSL Certificate Problem Resolved”

  1. kapils Says:

    Hi Nick,

    It’s a nice article. Cleared many doubts (Thanks!!)

    Please could you provide me help in the following task…

    – I have created a Localhost based Asp.Net Web application in VS 2010 with a Default.aspx page
    – Then added this application in IIS7’s “Sites” node
    – Then Created a Certificate request from IIS7
    – Then requested from “Thawte” for free trial SSL Certificate using generated “CERTIFICATE REQUEST”
    – I received an email from Thawte with three Certificates…

    1. Trial SSL certificate
    2. Trial Secure Server Intermediate CA
    3. Test CA Root certificate
    These I saved as separate *.cer files (plain text files)

    – Then I selected Complete Certificate Request and followed the screens, but I received the error “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where the request was created.”

    Please help me.

    Thanks.
    Kapils

  2. Victor Says:

    Nick,
    Great article but you don’t explain how you get the Privatekey.txt file needed to generate the PFX file.

    Thanks,

    Victor

    • Nick Olsen Says:

      The private key should have been supplied to you by the organization that issued the SSL certificate. If you didn’t receive it, contact them.

      • BKz Says:

        What? Private keys are private. That’s why they’re called ‘private’. You don’t get them from the CA; they’re generated on your server.

  3. Chris Missal (@ChrisMissal) Says:

    I also added to the other post, but you can export the .pfx file if it exists on another server and you know the password.

  4. dsds Says:

    That’s awesome. Thank you

  5. AndrePKI Says:

    Best practice should be to generate the CSR (signing request) on the IIS host (from the IIS management console). This way the private key is only present where it should be (on the webserver) and nowhere else.

    • Aamir Says:

      I was having the same issue. Finally I resolved the issue by first generating a certificate request (CSR) from the server. I copied the contents of the CSR and pasted them into the GoDaddy Re-Key popup; after it was re-keyed (no wait required, re-keyed instantly), I downloaded the certificate again and completed the certificate request from the IIS Server Certificates console.

      Hope this helps!

  6. ssl certificates disappear IIS - Just just easy answers Says:

    […] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]

  7. Jacques Gérard Says:

    Thanks for your post. It works great.

