I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.
My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.
From there simply select the .pfx file, enter the password used when creating the file, and you are good to go.
December 6, 2010 at 11:49 am
Hi Nick,
It’s nice article. Cleared many doubts ( Thankx!! )
Please could you proide me help in following task…
– I have created a Localhost based Asp.Net Web application in VS 2010 with a Default.aspx page
– Then added this application in IIS7’s “Sites” node
– Then Created a Certificate request from IIS7
– Then requested from “Thawte” for free trial SSL Certificate using generated “CERTIFICATE REQUEST”
– I received an email from Thawte with three Certificates…
1. Trial SSL certificate
2. Trial Secure Server Intermediate CA
3. Test CA Root certificate
These i saved as separate *.cer files (plain text files)
– Then I selected Complete Certificate Request and follow the screens but I received Error “Cannot find the certificate request associated with this certificate file”. A certificate request must be completed on the computer where the request was created.”
Please help me.
Thanks.
Kapils
August 31, 2017 at 7:55 am
certificate disappear
because of privet key problem
certutil -repairstore my “my serial number” = solve my problem!!!
January 19, 2011 at 10:00 am
Nick,
Great article but you don’t explain how you get the Privatekey.txt file needed to generate the PFX file.
Thanks,
Victor
January 19, 2011 at 10:02 am
The private key should have been supplied to you by the organization that issued the SSL certificate. If you didn’t receive it, contact them.
June 3, 2013 at 12:01 pm
What? Private keys are private. That’s why they’re called ‘private’. You don’t get them from the CA; they’re generated on your server.
March 23, 2012 at 1:11 pm
I also added to the other post, but you can export the .pfx file if it exists on another server and you know the password.
August 3, 2012 at 8:43 am
Thats awesome. Thank you
February 11, 2013 at 7:18 am
Best practice should be to generate the CSR (signing request) on the IIS host (from the IIS management console). This way the private key is only present where it should be (on the webserver) and nowhere else.
April 24, 2013 at 11:40 pm
I was having the same issue. Finally I resolved the issue by first generating certificate request from the server (CSR). Copy the contents of CSR and paste it in godaddy Re-Key popup, after it is re-keyed (no wait required, re-keyed instantly), downloaded the certificate again and Completed the certificate request from IIS server certificates console.
Hope this helps!
September 6, 2013 at 2:05 am
[…] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]
January 16, 2014 at 10:55 am
Thanks for your post. It works great.
September 26, 2014 at 4:12 pm
This came up for us when we were updating our certificates to SHA-2. The first server worked perfectly, but on the second server the certificate kept disappearing after Completing the Certificate Request. Checking the Certificates through MMC\Certificates in the Personal\Certificates folder showed the new certificate did not have a key on it. Using the link below we exported the Private key from the first server and imported it into the second server. Once this was done a key appeared where is wasn’t and in IIS the certificate we were adding reappeared after refreshing the screen.
https://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm
December 30, 2014 at 3:18 am
Exactly the same happens to IIS8, not only to IIS7.
Bumped into this when needed to add a wildcard certificate to another IIS server of mine. Much quicker solution was to export PFX from allready running IIS server, copy it to a new server and simply importing it in IIS* and voila – you’re good.
January 9, 2015 at 11:57 am
[…] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]
January 11, 2015 at 4:04 pm
[…] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]
January 28, 2015 at 8:02 pm
[…] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]
March 13, 2015 at 5:18 am
same problem as described…thanks for article, you save my day
June 5, 2015 at 8:45 pm
[…] https://nickstips.wordpress.com/2010/09/08/iis-disappearing-ssl-certificate-problem-resolved/ […]
November 11, 2015 at 12:44 pm
I had to install the following NetSol .crt to the following locations
CERT LOCATION
TrustExternalCARoot.crt Computer/Trusted Root CA
NetworkSolutionsDVServerCA.crt Computer/Intermediate CA
USERTrustRSACA User/Trusted Root CA
Actual SSL cert I bought Computer/Personal
Then I had to move the private key IIS8 generated with the CSR from the
Computer/Web Hosting to Computer/Personal
So that it was with the public cert and rename my purchased SSL to something different than my private.
Into IIS | Sites | Default Web Site | Bindings | 443 | My public SSL was finally sitting there.
March 4, 2016 at 1:35 pm
[…] but it’s gone. The certificate! IIS: Disappearing SSL Certificate Problem Resolved Import it then, not complete! Bind goat… port 443 (Router port redirection) Be […]
January 26, 2017 at 10:30 am
I purchased PositiveSSL and created the CSR file via their site and my mistake was that I did not use the IIS to create the file. However, the solution for me was to ” reissue” the SSL certificate and this time I used IIS to create the CSR file. It might work for you if you have purchased your SSL and have look at your vendor for re-issuing the same certificate again. it might help.
thanks,
Kabul