I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.
My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.
From there simply select the .pfx file, enter the password used when creating the file, and you are good to go.
December 6, 2010 at 11:49 am
Hi Nick,
It’s nice article. Cleared many doubts ( Thankx!! )
Please could you proide me help in following task…
- I have created a Localhost based Asp.Net Web application in VS 2010 with a Default.aspx page
- Then added this application in IIS7′s “Sites” node
- Then Created a Certificate request from IIS7
- Then requested from “Thawte” for free trial SSL Certificate using generated “CERTIFICATE REQUEST”
- I received an email from Thawte with three Certificates…
1. Trial SSL certificate
2. Trial Secure Server Intermediate CA
3. Test CA Root certificate
These i saved as separate *.cer files (plain text files)
- Then I selected Complete Certificate Request and follow the screens but I received Error “Cannot find the certificate request associated with this certificate file”. A certificate request must be completed on the computer where the request was created.”
Please help me.
Thanks.
Kapils
January 19, 2011 at 10:00 am
Nick,
Great article but you don’t explain how you get the Privatekey.txt file needed to generate the PFX file.
Thanks,
Victor
January 19, 2011 at 10:02 am
The private key should have been supplied to you by the organization that issued the SSL certificate. If you didn’t receive it, contact them.
June 3, 2013 at 12:01 pm
What? Private keys are private. That’s why they’re called ‘private’. You don’t get them from the CA; they’re generated on your server.
March 23, 2012 at 1:11 pm
I also added to the other post, but you can export the .pfx file if it exists on another server and you know the password.
August 3, 2012 at 8:43 am
Thats awesome. Thank you
February 11, 2013 at 7:18 am
Best practice should be to generate the CSR (signing request) on the IIS host (from the IIS management console). This way the private key is only present where it should be (on the webserver) and nowhere else.
April 24, 2013 at 11:40 pm
I was having the same issue. Finally I resolved the issue by first generating certificate request from the server (CSR). Copy the contents of CSR and paste it in godaddy Re-Key popup, after it is re-keyed (no wait required, re-keyed instantly), downloaded the certificate again and Completed the certificate request from IIS server certificates console.
Hope this helps!