After you install a new certificate on your windows server you will likely want to go into IIS and configure the bindings to have HTTPS on port 443 use that new certificate:
But what if that certificate doesn’t appear in SSL CERTIFICATE the drop down list? You’ve got a problem.
The problem is likely that the certificate has been installed onto a machine that did not create the certificate request bracket (CSR) so it doesn’t know what to do with it.
Fortunately, you have two choices, both of which are pretty easy:
1 – REKEY:
For most people the fastest fix is just to log into the certificate provider (i.e. GoDaddy), rekey the certificate, then download and install the rekeyed certificate again. Our problem was that this certificate had been issued a few days earlier to a different tech in the same company and we had no idea where he had applied that certificate (because it was a wild-card certificate). This would be the same problem if you had a UCC certificate. If the certificate is already in use somewhere else in the company (i.e. firewall, VPN, other servers…), and you rekey it, you need to reinstall the updated rekeyed certificate where it is already in use.
2 – CERTUTIL COMMAND
PART 1 – Find the Cert “thumprint”
- In CERTIFICATES – LOCAL COMPUTER, expand PERSONAL > CERTIFICATES
- Right click on the certificate in question and select PROPERTIES
- Click on the DETAILS tab
- Scroll to the bottom and click on THUMBPRINT
- Copy the Thumbprint code to your clipboard
PART 2 – CERTUTIL Command
- Open a CMD Prompt as an Administrator
- Enter
certutil -repairstore my "{thumbprint}"
replace {thumbprint} with the certificates thumbprint
yes, the quotes are needed unless you want to remove all of the spaces from your thumbprint - Wait a few seconds for the system to return
CertUtil: -repairstore command completed successfully
Now the certificate should show up in your IIS SSL Certificate dropdown list. You do not need to restart any services or the server to have this repair certificate up here in the list..
0 Comments