I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.
My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.
From there simply select the .pfx file, enter the password used when creating the file, and you are good to go.
Also, you can try the following method if the private key is missing.
restore the Private Key in SSL Certificate ?
The is another utility (CertUtil) which can be used to re-generate/repair the private keys for the certificates.
- Start -> mmc.exe -> Add snap-in -> Certificates -> Computer account. Verify that the installed certificate appears in the “Personal/Certificates” tab. If not, import it. A missing private key is visualized by the icon next to the certificate not containing a key icon.
- Open the certificate (.cer) file from disk by double-clicking on it. In the Details tab, note the serial number.
- Start -> cmd.exe. Type “certutil -repairstore my (serialnumberhere)”. The serial number should have no spaces.
After the Certutil: -repairstore command is completed, I double click the cert file and noticed the Key icon is visible now. I went back to IIS and check my certificates, it was there. yyyyeeeeessssss!!!!! 😀
Gayan's Tech Blog 