Installing SSL Certificate for use in IIS7, installation "works", but cert listing disappears

Solution 1

The certificate was not exportable, so I was unable to use Robert's suggestion. Ultimately, I had to rekey the certificate at the Go Daddy account management page, and install it on both servers again. Some of the options during the wizard for the install on IIS6 were grayed out for me, and my initial attempt on that server failed. I ended up installing the certificate on the new server (IIS7), and then exporting that certificate in a .pfx format, and then importing that version into the IIS6 installation, at which point everything started working.

Solution 2

Try exporting the certificate from the IIS6 server using these instructions: http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

That will ensure that the certificate has a private key.

Solution 3

Try importing into Intermediate Certificate Stores. If you view the certificate there, you will find that "you have a private key that corresponds to this certificate". Simply export to .pfx, then import into IIS. Worked for me :)
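
The check that Solutions 2 and 3 rely on, as an added example that is not part of the original answers: IIS can only bind a certificate whose private key is present on the server, so this lists the certificates in the Personal (`My`) and Intermediate Certification Authorities (`CA`) machine stores and reports whether each has a private key and whether that key is marked exportable. The function name `Get-CertKeyStatus` is hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example: report private-key presence and exportability for certificates
# in the local machine stores. 'My' and 'CA' are the standard Windows store
# names; the function name is hypothetical.
function Get-CertKeyStatus {
    param([string[]]$StoreName = @('My', 'CA'))

    foreach ($name in $StoreName) {
        foreach ($cert in Get-ChildItem -Path "Cert:\LocalMachine\$name") {
            $exportable = 'n/a'              # no private key, nothing to export
            if ($cert.HasPrivateKey) {
                try {
                    # Readable for CAPI (CSP) keys. CNG keys can throw or
                    # return nothing here, which is reported as 'unknown'.
                    $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable
                } catch {
                    $exportable = $null
                }
                if ($null -eq $exportable) { $exportable = 'unknown' }
            }
            New-Object PSObject -Property @{
                Store         = $name
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                Exportable    = $exportable
            }
        }
    }
}

Get-CertKeyStatus | Sort-Object Store, Subject |
    Format-Table Store, HasPrivateKey, Exportable, NotAfter, Thumbprint, Subject -AutoSize
```

A row with `HasPrivateKey` set to `False` in the `My` store is a certificate that cannot be used for an https binding on that server; a row with `Exportable` set to `False` matches the grayed-out export option described in the comments.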

Author by

Matt

Updated on September 17, 2022

Comments

  • Matt over 1 year

    Windows Server 2008 R2, IIS7. We have an SSL cert from Go Daddy. It's a wildcard cert, so it will work across subdomains (e.g. *.domain.com). I followed the instructions located at http://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7 for installing the certificate. I get to the IIS step, where I:

    • Click on "Security Certificates" feature when the server is selected in the left pane
    • Click on "Complete Certificate Request"
    • Navigate to the .crt file on the file system
    • Give it a "friendly" name, click finish

    The cert gets listed on the main pane now of this "Server Certificates" panel. But, if I refresh the page, or navigate away and come back, it's gone. And the cert is not listed as a viable binding when trying to bind a site to https.

    This seems like a pretty straightforward process, but clearly I'm missing something here. Any ideas?

    EDIT: I found this post, which seems to imply this behavior happens when you try to use the intermediate certificate. When I downloaded the files from GoDaddy, there were 2 in a zip file. 1 was the gd_iis_intermediates, the other was named for the domain. I installed the domain one (extension .crt). There didn't seem to be any other option - installing the other from IIS gives an error "Cannot find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created".

    That being said, there doesn't appear to be any other download I can use.

    There was also mention, in the comments (and elsewhere after googling) of "exporting" the cert as a pfx, and installing that. But I can't figure out how to export it - even through certmgr.msc.

    I should also mention this cert is installed on another computer running IIS6 (this IIS7 installation is meant to be a failover, plus the primary while we upgrade the IIS6 to IIS7). But I can't figure out how to export it from that computer either.

  • Matt about 14 years
    The option to export the private key is grayed out, saying it was marked as "unexportable"
  • Matt about 14 years
    Come to think of it, the fact it was marked as unexportable is probably why this certificate didn't get migrated over during the msdeploy migration of the server ... hmm
  • Robert about 14 years
    If you aren't able to find a server where the certificate is exportable, you will need to generate a new CSR and have GoDaddy reissue/re-key it to get a new matching certificate.