“I install a SSL server certificate using the ‘Complete Certificate Request’ wizard in IIS manager and when I refresh the view the certificate disappears. “
I have heard that a couple of times and every time I used to go “What ?” Until someone showed it to me.
If you are one of those who are wondering about this read on.
The Server Certificates module in IIS manager displays a list of certificates from the Local Machine SSL store.
But it only lists the certificate if
1. The certificate has a private key
2. The certificate is meant for Server Authentication
And this is where the disappearing act occurs.
The IIS Manager enumerates all the extensions of the certificate and checks if OID 18.104.22.168 (Extended Key Usage) exists. If it does the certificate Enhanced Key Usage section must contain 22.214.171.124.126.96.36.199.1 (Server Authentication).
In the repro’ I was shown the user had actually downloaded the intermediate certificate and used that .cer file to complete the certificate request. In this case the wizard will go thro’ all the steps but when you refresh the view the certificate will not be listed.
PingBack from http://microsoft-sharepoint.simplynetdev.com/disappearing-ssl-certificates-from-iis-70-manager/
Hi there, I had the same issue as mentioned in your post. I have found a solution whereby you need to export certificate from certificates.msc concole to a certificate.pfx file. Please make sure to export it with a private key and password protect it. Once this is done you can import the certificate in iis by using import option instead of complete certification request. This keeps the certificate in server certificates console and you can bind the website to the certificate.
when i try exporting my cer file as pfx in the mmc, the pfx option is greyed out :( anyone else had this problem?
I had the same problem. Once I had the cert re-issued with a new request key it worked.
I've found the problem can be reproduced when the leaf certificate has been installed under Intermediate Certification Authorities. Removing it (and leaving any real intermediate, if applicable) then completing the wizard corrects the problem.
I had the same problem. I was missing the private key in my certificate. I wrote instructions on how to resolve this issue here: nickstips.wordpress.com/.../iis-disappearing-ssl-certificate-problem-resolved
My solution was found by changing the files I had to a .pfx file and importing it, go to the following: nickstips.wordpress.com/.../sql-ssl-and-sql-server-2008-creating-the-certificate
OR it could be the cert (Network solutions is notorious for this as they charge $150 for helping to install it) doesn't actually have a privatge key. Here are instructions to make the PFX if you have no private key.
To fix this, use the MMC snapin to import the cert into PERSONAL, click it and grab the serial # line. Go to dos, run certutil -repairstore my "paste the serial 3 in here" (you need the quotes) then refresh MMC with personal certs, right click it - export - select everything except DELETE PRIVATE KEY, hit ok. Then go to IIS and IMPORT cert instead of finish request.
bingo - fixed.
And bite me netsol.
You are the best, pixelloa!
And I second your statement about netsol
pixelloa, your suggestion worked.
Nice one, thanks.
can you please tell me that how can i use certutil -repairstore?