1

I've installed a GoDaddy wildcard certificate on my Win2003/IIS6 Server. It shows up in the Intermediate Certificate Authorities area of the MMC Certicates. All looks fine: Issued to: *.mydomain.com; Issued By: Go Daddy...;Expiration Date 11/2/2012; Intended Purposes: Server Authentication, Client Authentication

But, when I go to assign it to a website in IIS, it doesn't show up in the Available Certificates box.

I mostly followed these instructions from GoDaddy. I did just now realize that rather than choosing the .p7b file in step 12, I chose the .crt file. I tried re-following the steps and chose the .p7b file this time but it didn't make a difference.

What am I missing?

I've looked at this similar thread: IIS 6 Available certificates list But his problem was his cert wasn't valid for Server Authentication, mine is.

Update I deleted the ceertificate from the Intermediate store and installed it using the .p7b in the Personal store and then I can see the Certificate and it seems to link up properly but when I try to browse to the site using https, I get "The connection was interupted". So something still isn't right.

I ran SSLDiag and it states "You DON'T have a private key that corresponds to this certificate".

I tried running: certutil -repairstore my "mythumbprint" in the command line but that failed.

Community
  • 1
EfficionDave
  • 221
  • 1
  • 4
  • 16

2 Answers2

3

Installing the certificate is sufficient for you to recognize it and consider it valid, it's not sufficient for you to claim the certificate as your own. You need to install the corresponding private key as well. If you have the certificate and key as a .p12 file, you can follow Microsoft's directions.

David Schwartz
  • 31,449
  • 2
  • 55
  • 84
2

It's installed in Intermediate Certificates, not Personal Certificates; it's not installed correctly.

As David said, you can import with a private key if you have a bundle; if you did the full certificate request process from this system then something went wrong.

Can you provide additional detail about what steps to you to request and import this certificate?

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • I've added detail about the instructions I followed to the question. – EfficionDave Nov 03 '11 at 14:42
  • Ok, so let's clarify that - steps 20 through 30 on that GoDaddy document are what actually matter for completing your certificate request, *not* their (unnecessary) direction to put the certificate into the intermediate store. Did you complete the certificate request, as directed in the last 10 steps? If so, the certificate is in the Computer account's Personal store. Check there. – Shane Madden Nov 04 '11 at 00:32
  • 1
    It seems that ultimately, my problem was that I never properly associated the Certificate with the Private Key because I somehow chose the wrong option on step 26. The final solution was to remove the existing certificate, re-key the certificate from GoDaddy and then follow the steps properly to install it. – EfficionDave Nov 04 '11 at 16:56