
I have a new ECC SSL that I did a request for and processed the certificate and it shows up fine in the SSL Cert msc. However, it doesn't show up in the IIS list. ???

I've already read others with this problem, such as "Installed SSL certificate in certificate store, but it's not in IIS certificate list". So please don't simply answer with "you don't have a private key" and/or "you need to repair it".

Firstly: My SSL clearly says: "You have a private key that corresponds to this certificate".

Secondly, if I try and follow the `certutil -repairstore` approach just because I don't know what else to try, certutil complains that it is only expecting a few characters, whereas my ECC SSL's serial number is long, for example (00 c9 34 39 d3 a5 f4 63 74 ba fb 50 de b3 92 7c b9) {this has been slightly obfuscated for security reasons}.

I'm at a loss here as to what is going on? I'm on Win Server 2012

Michael Barber
  • did you generate the CSR from the machine on which the cert is installed ? – wal May 08 '16 at 23:20
  • Yes. Now I did import the original RSA certificate as a .pfx file. However, since that is a completely different key pair, I can't see how that could influence anything. Now, I didn't reboot the server...because I've never had to do that before to see the new key...but? – Michael Barber May 08 '16 at 23:47
  • Ok, I tried a reboot and it still doesn't show up. – Michael Barber May 08 '16 at 23:55
  • I'm thinking I delete the whole key and start over.... ?? I'm not sure what else to do and I know that might take a few days but has the highest probability of success at this point. – Michael Barber May 08 '16 at 23:55
  • why would that take a few days? your cert auth should be able to re-issue cert quickly after you provide CSR from IIS – wal May 09 '16 at 00:00
  • Which store did you see it in MMC? It must be placed under the computer account's Personal store and also meet other requirements, such as Enhanced Key Usage. – Lex Li May 09 '16 at 00:52
  • Yeh, you're right, it is about 4-6 hours with the DCV delay. – Michael Barber May 09 '16 at 02:43
  • Yes, Personal store and it linked up fine with the private key request that was already there in the same place. – Michael Barber May 09 '16 at 02:45
  • Run `certutil -store my`. It will try to use all certificates in LocalMachine\My store (where your certificate should be) and tell you if it is usable - it will run signature or encryption test that will tell if private key and public key/certificate have been correctly paired. – pepo May 09 '16 at 09:48
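
The checks suggested in the comments above (computer account's Personal store, a paired private key, Enhanced Key Usage) can be run together in PowerShell. This is an added example, not part of the original thread; the serial is the obfuscated sample from the question, and the output property names are chosen here for illustration.

```powershell
# Added example: inspect one certificate in LocalMachine\My by serial number.
# Serial as pasted from the certificate's Details tab (obfuscated sample from the question).
$SerialText = '00 c9 34 39 d3 a5 f4 63 74 ba fb 50 de b3 92 7c b9'

# Keep only hex digits: text copied from the dialog contains spaces and can
# also contain invisible formatting characters.
$serial = ($SerialText -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.SerialNumber -eq $serial })

if ($found.Count -eq 0) {
    # Not in the computer account's Personal store: check the user store instead.
    $inUser = @(Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.SerialNumber -eq $serial })
    Write-Warning ("Serial $serial not found in LocalMachine\My " +
        "(matches in CurrentUser\My: $($inUser.Count))")
}

foreach ($cert in $found) {
    $ekuExt  = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        KeyAlgorithm  = $cert.PublicKey.Oid.FriendlyName   # "ECC" for an EC key
        HasPrivateKey = $cert.HasPrivateKey
        # No EKU extension means the certificate is not restricted by purpose.
        ServerAuthOk  = (-not $ekuExt) -or ($ekuOids -contains $serverAuthOid)
        NotAfter      = $cert.NotAfter
    } | Format-List
}
```

Run it from an elevated PowerShell prompt on the server; `HasPrivateKey` only reports that a key is associated with the certificate, while `certutil -store my` additionally performs the signature or encryption test described in the last comment.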

0 Answers