After installation of a wildcard SSL certificate into the certificate store, the certificate does not appear in the IIS certificate list for use with site bindings.
You can export a pfx from IIS on another server, if you have a server with the cert successfully installed.
Update:
Working on another round of certificate updates (a renewal) I ran into this problem again, on every server I tried. @Geir's answer didn't work, but it did give me an idea. I identified the server where I had generated the Certificate Request and successfully installed the new cert there. From that server I was able to export a pfx and then import the pfx version on the rest of the servers. No need to redo the Cert Request.
The certutil -repairstore command mentioned in other answers worked for me, but if your certificate is in the "Web Hosting" store and you don't want to move it, the real (internal) name of the "Web Hosting" store is "WebHosting", for anyone following the steps mentioned here.
We had a similar issue on our team trying to apply a wildcard certificate on our new VM.
So it might be a different situation, where we were trying to copy our existing certificate to a new VM, but we ended up with the same problem (certificate missing from the IIS certificate list).
This article (link below) helped us:
So what did the trick was to export the certificate from the original server and include the private key during the export process (add a password to protect your certificate),
then import it to the new server where you want to install the certificate. Mark the key as exportable so that it can be exported later on.
I do not want to do a step-by-step since it's well documented in the article.
https://www.digicert.com/kb/ssl-support/certificate-pfx-file-export-import-iis-10.htm
The issue is that the certificate request (CSR) was not generated from IIS. If you generated it from other sources, e.g. OpenSSL, it will bring the issue. You need to generate the certificate request (CSR) from IIS -> Create a certificate request, then enter all the details and then send it to the vendor for regeneration of the SSL certificate. Mine worked properly after that.
If you are using GoDaddy as your certificate authority, and you are running into this issue, all you have to do is re-key the certificate. I tried the above certutil -repairstore my "paste the serial # in here" but the system wanted me to use a smart card for authentication. (Running IIS10 on Server 2016 and 2012R2)
When I created a Certificate Request, went through the process of re-keying and went through the process of "Complete Certificate Request", I was able to successfully configure "Bindings..." without the certificate disappearing.
Had the same problem.
You need to ensure you are installing on the same server as the one you created the "CSR" file from. Otherwise, it won't have the private keys.
If you got your cert, just ask to re-key; it will ask for a new CSR file. I.e. Go Daddy allows you to re-key, just find the cert, and hit "manage".
I am not an expert at this stuff, but this managed to work.
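Several answers above trace the problem to a certificate that was installed without its private key. The following read-only PowerShell check is an added example, not code from any of the answers: it lists the certificates in the machine "My" and "WebHosting" stores with their private-key status and prints, without running it, the certutil -repairstore command for each one that lacks a key.

```powershell
# Added example (not from the original answers). Read-only: nothing is modified.
# Run in an elevated PowerShell session on the IIS server.
# "My" is the Personal store; "WebHosting" is the internal name of the
# "Web Hosting" store, as given in one of the answers above.
$stores = 'My', 'WebHosting'

$report = foreach ($store in $stores) {
    $path = "Cert:\LocalMachine\$store"
    if (-not (Test-Path $path)) { continue }   # skip a store that does not exist here

    Get-ChildItem -Path $path | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            SerialNumber  = $_.SerialNumber
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey   # False: no private key is associated
        }
    }
}

# Overview of every certificate in both stores
$report | Sort-Object Store, Subject | Format-Table -AutoSize

# For each certificate without a private key, print the repair command
# (serial number taken from the store) so it can be reviewed before use.
$report | Where-Object { -not $_.HasPrivateKey } | ForEach-Object {
    'certutil -repairstore {0} "{1}"' -f $_.Store, $_.SerialNumber
}
```

certutil -repairstore can only re-associate a key that already exists on this server; if the CSR was generated on another machine, the PFX export/import or re-key routes described in the answers apply instead.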