Certificates not visible in Server Certificates console of IIS 7/IIS 8 Manager

You are planning to deploy an SSL certificate for your website. You get the required certificate from the Certificate Authority (CA) and install it in the Local Machine store via Certificate Manager.

Next, you go to the Server Certificates feature to check for the installed certificate before you bind it to the website.

But the certificate you just installed is not showing in the console; it's missing! What do you do?

You verify that the certificate is valid by checking the following:

  1. That the current date and time is within the "Valid from" and "Valid to" date range on the certificate.
  2. That the certificate's "Common Name" (CN) matches the host header in the request. For example, if the client is making a request to https://www.contoso.com/, then the CN must also be https://www.contoso.com/.
  3. That the issuer of the certificate is a known and trusted CA.

All the above conditions are true, but the certificate still does not show up.

The Server Certificates module in IIS Manager displays a list of certificates from the Local Machine SSL store, but it only lists a certificate if:

1. The certificate has a private key

2. The certificate is meant for Server Authentication

In my case I found that the private key was missing in the certificate.

To recover the private key, we need to repair the certificate using the following command:

certutil -repairstore my <serial number>

where the serial number can be obtained from the certificate's properties.

Once the certificate was repaired, we were able to get back the private key.

If the above command completes successfully but does not bring back the private key, then you may have to recreate the certificate.

Once my private key was retrieved, the Server Certificates console started showing the certificate as well.
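
The checks described above can be run in one pass over the Local Machine "my" store. The following PowerShell is an added example, not part of the original post: it reports, for each certificate, whether it has a private key, whether it is usable for Server Authentication and whether it is within its validity period, and prints the repair command for any certificate whose key is missing. Treating a certificate with no Enhanced Key Usage extension as valid for Server Authentication is an assumption.

```powershell
# Added example: check each certificate in LocalMachine\My against the
# conditions discussed above (private key, Server Authentication, validity).
$ekuExtensionOid = '2.5.29.37'          # Enhanced Key Usage extension
$serverAuthOid   = '1.3.6.1.5.5.7.3.1'  # Server Authentication purpose
$now = Get-Date

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the purposes listed in the EKU extension, if there is one.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq $ekuExtensionOid }
    $purposes = @()
    if ($eku) { $purposes = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Assumption: a certificate with no EKU extension is unrestricted and
    # therefore counts as usable for Server Authentication.
    $serverAuth = (-not $eku) -or ($purposes -contains $serverAuthOid)
    $inDate     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    $reasons = @()
    if (-not $cert.HasPrivateKey) { $reasons += 'no private key' }
    if (-not $serverAuth)         { $reasons += 'not for Server Authentication' }
    if (-not $inDate)             { $reasons += 'outside validity period' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        SerialNumber  = $cert.SerialNumber
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuth    = $serverAuth
        InDate        = $inDate
        Problems      = ($reasons -join '; ')
    }
}

$report | Format-Table -AutoSize -Wrap

# Print (do not run) the repair command for certificates missing their key.
$report | Where-Object { -not $_.HasPrivateKey } | ForEach-Object {
    'certutil -repairstore my "{0}"' -f $_.SerialNumber
}
```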

References

Certutil - https://technet.microsoft.com/en-us/library/cc732443.aspx

https://blogs.msdn.com/b/jaskis/archive/2009/04/22/missing-private-keys-pair-after-deleting-pending-request-from-iis.aspx
