We help IT Professionals succeed at work.

SSL certificate not SHowing in IIS8.5

Bill Doherty
Bill Doherty asked
on
I am trying to install certificates on a web server,  The web server is IIS8.5 on a windows 2012R2 server.

I initiated the certificate via IIS and completed it as required. Got the error message "failed to delete file" and found instruction about that.  Opened MMC and moved the certificates from Personal to Web Hosting but they still do not appear in List on IIS server.

This shows that certificates are listed in Webhosting      This shows that they are not seen by IIS
I have yet to find anything online that provides other alternatives or what I can do to fix this.
Comment
Watch Question

Distinguished Expert 2018

Commented:
What is not immediately evident is whether those certificates shown in your first screenshot were available for server authentication and whether there is a private key in the store for the cert you want to use. Viewing the properties can tell you a ton.
Bill DohertyNetwork Administrator

Author

Commented:
Hi Cliff and thanks for replying.  To answer your question they are enabled for all purposes:
cert3.PNG
Distinguished Expert 2018

Commented:
And the private key?
Bill DohertyNetwork Administrator

Author

Commented:
There is no Private key.  Or I can  not find one. Comodo only sent the crt file which I installed according to instructions. They just don't show up so that I can bind them.
Distinguished Expert 2018
Commented:
The private key is generated and saved in the store when you initially generate the CSR. Then two are paired when you complete the cert request. If you went a different path or generated the CSR elsewhere then you have broken the public/private association. This can be fixed.

 Use the wizard. Request a cert. Generate a CSR. Request a "rekey" from Comodom(this is free) and submit the new CSR. When you get the resulting file, return to the wizard and finish the process of requesting the cert. It'll ask for the certificate file and will install the certificate with the public *and* private keys paired. It will then be available to IIS.
Bill DohertyNetwork Administrator

Author

Commented:
Ah! Because I saved the file from Comodo somewhere other than where the crs.txt file exists is the problem?  I have contacted Comodo they are working the reissue now. I will let you know. Thanks
Distinguished Expert 2018

Commented:
Nothing to do with where you saved the txt file. Generating a CSR also generates a private key. That key is *only* in the certificate store. Not in a text file. Otherwise the certificate would be severely compromised.
Bill DohertyNetwork Administrator

Author

Commented:
Thank you for your Help. I believe that when I initially sent the request COMODO sent the basic SSL cert and I connected that with the the private key, so when the EV Cert came through there was nothing to bind too. Since then I have received rekey for EV certification and am now able to bind the SLL certificate to the web site.