Installed SSL certificate in certificate store, but it's not in IIS certificate list

Question

After installation of a wildcard SSL certificate into the certificate store, the certificate does not appear in the IIS certificate list for use with site bindings.

Answer 1

Had the same problem and found the easy solution thanks to inspiration from the above answers. Here's a quick step-by-step summary:

1. First open MMC with the Certificates plug in.
2. Drag-n-drop your new certificate (missing the key on the upper left part of the certificate icon) to the "Personal" certificate store. This I did because the name of the "Web Hosting" store is a so called friendly name and not the real name of the store, and I could not remember the real name which is needed for the command prompt utility certutil. Instead I just remembered that the real name of "Personal" is "My". Makes the rest easy, and once done I just move the certificate back into "Web Hosting".
3. Once the new certificate (missing the key) is in the "Personal" store, start a command prompt and issue the following command: certutil -store "My" (assuming the quotes are needed)
4. Note the serial number of your certificate. It's in the first line of the certificate dump. If you have other certificates in the "My" store, then you need to find the one you just moved. Look at expiration date and name for example. Mark and copy the serial number.
5. Now issue the command certutil -repairstore "My" <paste serial number here> and note the private key is verified.
6. Move the certificate back to the "Web Hosting" store and refresh. You should now see the certificate icon overlaid with a small key icon in the upper left part.
7. Now you should be able to choose the certificate from inside the IIS bindings dialog.

Have fun!

Answer 2

when you have one certificate and 2 different web servers here how I fixed it:

1. List item
2. You should generate certificate at one of the servers as usually in IIS Then at that server you can also complete the certificate in IIS.
3. Run the program DigiCertUtil and export that working certificate
4. Go to the other web server in IIS in security certificates Import that file from step 3.
5. Then use that certificate to create the Binding.

Answer 3

For anyone who's using a GoDaddy generated certificate for IIS, you have to generate the certificate request from IIS. The instructions on the GoDaddy site is incorrect, hope this saves someone some time.

https://ca.godaddy.com/help/iis-8windows-server-2012-generate-csrs-certificate-signing-requests-4950

Found the answer from a guy named mcdunbus on a GoDaddy forum. Here is article https://www.godaddy.com/community/SSL-And-Security/Trouble-installing-SSL-Certificate-on-IIS-8n-Windows-2012/td-p/39890#

Answer 4

I had a key file & a crt file but it wouldn't show in IIS because I couldn't attach the key to the certificate during the import. Ended up creating a pfx file containing the certificate & the key, and after that it worked (When importing to the computer and not local user)

Created the file with OpenSSL (Download first).

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

Answer 5

If you are using Godaddy certificate, then the issue is that the machine on which the certificate request is created and the machine on which is you are trying to complete the request are different. So do the following:

1. Use the "generated-private-key.txt" file that was created the godaddy. Use this file to create .pfx certificate(with private key) you can use OpenSSL command:

   openssl pkcs12 -export -out {mydomain}.pfx -inkey generated-private-key.txt -in {your .crt file}

2. The above command will generate certificate with private key {mydomain}.pfx.

3. Import this certificate in IIS using "Import" option