none
SSL Certificate - IIS 6 RRS feed

  • Question

  • Hi,

    I have a big problem.

    I bought the SSL Certificate and I was trying to install it on the server with SharePoint. I went to IIS Manager and I chose "Server Certificates" option. Then: "Complete Certificate Request..."\browse\I chose *.cer file\"Personal" store\and "OK".

    In the next step I was expanding "Sites"\I chose my web app\then "bindings..."\"Add"\"Type" changed on "https"\and in "SSL Certificate" there was no certificate which I added. So I went back to "Server Certificates" (the place where I added) and suddenly the certificate also disappeared from there...

    So, I found this solution:

    1. First open MMC with the Certificates plug in.
    2. Drag-n-drop your new certificate (missing the key on the upper left part of the certificate icon) to the "Personal" certificate store. This I did because the name of the "Web Hosting" store is a so called friendly name and not the real name of the store, and I could not remember the real name which is needed for the command prompt utility certutil. Instead I just remembered that the real name of "Personal" is "My". Makes the rest easy, and once done I just move the certificate back into "Web Hosting".
    3. Once the new certificate (missing the key) is in the "Personal" store, start a command prompt and issue the following command: certutil -store "My" (assuming the quotes are needed)
    4. Note the serial number of your certificate. It's in the first line of the certificate dump. If you have other certificates in the "My" store, then you need to find the one you just moved. Look at expiration date and name for example. Mark and copy the serial number.
    5. Now issue the command certutil -repairstore "My" <paste serial number here> and note the private key is verified.
    6. Move the certificate back to the "Web Hosting" store and refresh. You should now see the certificate icon overlaid with a small key icon in the upper left part.
    7. Now you should be able to choose the certificate from inside the IIS bindings dialog.

    And I stopped at the 5th step. After executing the command, it popped up:


    After clicking "Cancel", CMD showed inscription "Access Denied".

    I will be grateful for your help and thank you for your time to read this,

    M.

    Friday, September 15, 2017 12:42 PM

All replies

  • Hi,

    》》5.Now issue the command certutil -repairstore "My" <paste serial number here>and note the private key is verified.

    According the error message, please make sure you have the private key of the SSL certificate. 


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, September 18, 2017 6:38 AM
    Moderator
  • I have a private key.

    :(


    • Edited by manulxxx Tuesday, September 19, 2017 1:12 PM
    Monday, September 18, 2017 9:31 AM
  • If you open certificates snap-in in MMC, where is the certificate? Is it in personal under User or Local Computer store - make sure it is in Local Computer store otherwise it won't be visible. When you double click the certificate, does it show the private key (down the bottom of the dialog) is available?

    If this helped you please click "Vote As Helpful", if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security)
    Twitter @georgathomas

    This forum post is my own opinion and does not reflect the opinion or view of my employer.

    Friday, September 22, 2017 6:45 AM
  • The real (internal) name of the "Web Hosting" store is "WebHosting", for anyone following the steps above.
    Thursday, October 10, 2019 1:50 PM