IIS: Disappearing SSL Certificate Problem Resolved

I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.

My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.

From there simply select the .pfx file, enter the password used when creating the file, and you are good to go.

Posted in IIS, Security. Tags: , , . 19 Comments »

19 Responses to “IIS: Disappearing SSL Certificate Problem Resolved”

  1. kapils Says:

    Hi Nick,

    It’s nice article. Cleared many doubts ( Thankx!! )

    Please could you proide me help in following task…

    – I have created a Localhost based Asp.Net Web application in VS 2010 with a Default.aspx page
    – Then added this application in IIS7’s “Sites” node
    – Then Created a Certificate request from IIS7
    – Then requested from “Thawte” for free trial SSL Certificate using generated “CERTIFICATE REQUEST”
    – I received an email from Thawte with three Certificates…

    1. Trial SSL certificate
    2. Trial Secure Server Intermediate CA
    3. Test CA Root certificate
    These i saved as separate *.cer files (plain text files)

    – Then I selected Complete Certificate Request and follow the screens but I received Error “Cannot find the certificate request associated with this certificate file”. A certificate request must be completed on the computer where the request was created.”

    Please help me.


  2. Victor Says:

    Great article but you don’t explain how you get the Privatekey.txt file needed to generate the PFX file.



    • Nick Olsen Says:

      The private key should have been supplied to you by the organization that issued the SSL certificate. If you didn’t receive it, contact them.

      • BKz Says:

        What? Private keys are private. That’s why they’re called ‘private’. You don’t get them from the CA; they’re generated on your server.

  3. Chris Missal (@ChrisMissal) Says:

    I also added to the other post, but you can export the .pfx file if it exists on another server and you know the password.

  4. dsds Says:

    Thats awesome. Thank you

  5. AndrePKI Says:

    Best practice should be to generate the CSR (signing request) on the IIS host (from the IIS management console). This way the private key is only present where it should be (on the webserver) and nowhere else.

    • Aamir Says:

      I was having the same issue. Finally I resolved the issue by first generating certificate request from the server (CSR). Copy the contents of CSR and paste it in godaddy Re-Key popup, after it is re-keyed (no wait required, re-keyed instantly), downloaded the certificate again and Completed the certificate request from IIS server certificates console.

      Hope this helps!

  6. ssl certificates disappear IIS - Just just easy answers Says:

    […] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]

  7. Jacques Gérard Says:

    Thanks for your post. It works great.

  8. John Says:

    This came up for us when we were updating our certificates to SHA-2. The first server worked perfectly, but on the second server the certificate kept disappearing after Completing the Certificate Request. Checking the Certificates through MMC\Certificates in the Personal\Certificates folder showed the new certificate did not have a key on it. Using the link below we exported the Private key from the first server and imported it into the second server. Once this was done a key appeared where is wasn’t and in IIS the certificate we were adding reappeared after refreshing the screen.


  9. Renars Says:

    Exactly the same happens to IIS8, not only to IIS7.

    Bumped into this when needed to add a wildcard certificate to another IIS server of mine. Much quicker solution was to export PFX from allready running IIS server, copy it to a new server and simply importing it in IIS* and voila – you’re good.

  10. Fixed: ssl certificates disappear IIS #programming #dev #answer | SevenNet Says:

    […] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]

  11. Solution: ssl certificates disappear IIS #fix #programming #computers | Good Answer Says:

    […] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]

  12. Solution: ssl certificates disappear IIS #programming #computers #answer | IT Info Says:

    […] I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here […]

  13. Lubos Says:

    same problem as described…thanks for article, you save my day

  14. The Whole Story of “Server Certificate Disappears in IIS 7/7.5/8/8.5/10.0 After Installing It! Why!” | Half-Blood Programmer Says:

    […] https://nickstips.wordpress.com/2010/09/08/iis-disappearing-ssl-certificate-problem-resolved/ […]

  15. Sam Harvey Says:

    I had to install the following NetSol .crt to the following locations


    TrustExternalCARoot.crt Computer/Trusted Root CA
    NetworkSolutionsDVServerCA.crt Computer/Intermediate CA
    USERTrustRSACA User/Trusted Root CA
    Actual SSL cert I bought Computer/Personal

    Then I had to move the private key IIS8 generated with the CSR from the

    Computer/Web Hosting to Computer/Personal

    So that it was with the public cert and rename my purchased SSL to something different than my private.

    Into IIS | Sites | Default Web Site | Bindings | 443 | My public SSL was finally sitting there.

  16. First attempts at Let’s Encrypt – AnotherUrl Says:

    […] but it’s gone. The certificate! IIS: Disappearing SSL Certificate Problem Resolved Import it then, not complete! Bind goat… port 443 (Router port redirection) Be […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: