You are planning to deploy SSL certificate for your website. You go ahead and get the required certificates from the Certificate Authority (CA) and install it in the Local Machine store via Certificate Manager.
Next, you go to Server Certificate feature to check for the installed certificate before you can bind the certificate with the website.
But the Certificate you just installed is not showing in the console, its missing! What do you do?
You verify the certificate is valid by checking the following –
- That the current date and time is within the “Valid from” and “Valid to” date range on the certificate.
- That the certificate’s “Common Name” (CN) matches the host header in the request. For example, if the client is making a request to http://www.contoso.com/, then the CN must also be http://www.contoso.com/.
- That the issuer of the certificate is a known and trusted CA
All the above conditions are true but still the certificate is not showing up.
It happens that the Server Certificates module in IIS manager displays a list of certificates from the Local Machine SSL store. But it only lists the certificate if –
1. The certificate has a private key
2. The certificate is meant for Server Authentication
In my case I found that the private key was missing in the certificate.
We can recover the private key by following the below steps –
To recover the private key on the certificate, we need to repair the certificate using the following command –
certutil –repairstore my <serial number>
where serial number can be obtained by looking up the certificate properties as indicated below.
Once the certificate was repaired, we were able to get back the private key.
If the above commands completes successfully but does not work to get back the private key then you may have to recreate the certificate.
Once my private key was retrieved, the Server Certificates console starting showing up the certificate as well.
References
Certutil – https://technet.microsoft.com/en-us/library/cc732443.aspx
http://blogs.msdn.com/b/jaskis/archive/2009/04/22/missing-private-keys-pair-after-deleting-pending-request-from-iis.aspx