1

I have been issued with a new PKCS #7 Certificate (.p7b) file, with which I need to replace the current soon-to-expire certificate on my server and assign to a binding in IIS.

I imported the file into [Certificates - Local Computer\Personal\Certificates] using the Certificates management console, but it doesn't appear in IIS, I assume because it's not associate with a private key, like the old one is (see image below, top one is the new one).

enter image description here

Is it possible to associate this new certificate with the old/existing private key? The original certificate was created using a private key generated on this server. Is it possible to extract the private key from the old certificate?

Sprintstar
  • 173
  • 1
  • 7

1 Answers1

0

One can use 'certutil' to do this, as alluded to in this Microsoft Knowledgebase article:

https://support.microsoft.com/en-gb/kb/889651

In an command window with administrator privileges, run the following command:

certutil -repairstore my "serialnumber"

..where serialnumber is the serial number of the new certificate. This will associate the certificate with the private key, and allow you to go on and assign it to bindings in IIS.

Sprintstar
  • 173
  • 1
  • 7