Saturday, December 31, 2016

Disappearing SSL certificates from IIS 7.0 Manager

Keep in mind that they are going to cost you much.

If you have two SSL certs for a and then a, these two certs cannot be installed on IIS servers up to version 7.5. IIS 8 on Windows 2012 supports it, though.

Note: you need to create the CSR on the machine where you will be installing the SSL certificate. Otherwise, the private key is not present and the SSL certificate is not installed properly.


Got this below information from elsewhere...

April 9, 2014 at 8:01 am
If anyone is still watching this thread… I came across this with a digicert cert as well. What I did was import it anyway into IIS. After adding it, but before it disappeared I right-clicked and selected view on the cert, went to the Details tab, and selected copy to file. Selected to export the private key, and assigned a password. Then I refreshed (cert was gone) and re-imported the now .pfx cert and entered the password.

Worked like a charm.

1. Import cert anyway

2. Right-click > View

3. Details tab > Copy to File

4. Export PK, assign password, export as .pfx

5. Import new .pfx

It didn't work for me, though, because I had created the CSR on a CentOS 7 Linux server.

Reportedly, the certificate may not install, and does not work, if the private key is not part of the SSL certificate.

So, I copied the issued certificate to my CentOS 7 server and then issued the following command to export it to .pfx format:

openssl pkcs12 -export -out -inkey sub.domain.key -in -certfile
Enter pass phrase for sub.domain.key:
Enter Export Password:
Verifying - Enter Export Password:

In the above, enter the pass phrase you keyed in during the creation of the certificate signing request.

The resultant .pfx file created may be used to install the SSL certificate in your IIS server.
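
The missing private key is what makes the certificate vanish from IIS Manager, so it is worth confirming that the key on the Linux server matches the issued certificate before bundling, and that the finished .pfx really contains a key. The script below is an added example, not part of the original post; the function names, file names, the sub.domain.example subject and the demo password are constructed, and a throwaway self-signed certificate stands in for the CA-issued one.

```bash
#!/usr/bin/env bash
# Added example: verify key/certificate pairing, then bundle both as a .pfx.
# All file names, subjects and the password below are constructed for the demo.

# Succeeds only if the certificate's public key equals the private key's public half.
key_matches_cert() {   # usage: key_matches_cert KEY CERT
  kmc_key=$(openssl pkey -in "$1" -pubout) || return 2
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey) || return 2
  [ "$kmc_key" = "$kmc_crt" ]
}

# Build the PKCS#12 bundle; the export password is read from $PFX_PASS, not argv.
make_pfx() {           # usage: make_pfx KEY CERT CHAIN OUT
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" -out "$4" -passout env:PFX_PASS
}

# Confirm the bundle carries a private key before taking it to the IIS server.
pfx_has_key() {        # usage: pfx_has_key PFX
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

demo() {
  d=$(mktemp -d)
  export PFX_PASS='constructed-demo-password'
  # Throwaway self-signed pair standing in for the key and the issued certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=sub.domain.example' \
    -keyout "$d/sub.domain.key" -out "$d/sub.domain.crt" 2>/dev/null
  # An unrelated key: the case where the CSR was generated on some other machine.
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
  # Self-signed certificate from that key, standing in for the CA chain file.
  openssl req -x509 -new -key "$d/other.key" -days 1 -subj '/CN=Constructed Demo CA' \
    -out "$d/chain.crt"
  make_pfx "$d/sub.domain.key" "$d/sub.domain.crt" "$d/chain.crt" "$d/sub.domain.pfx" \
    && pfx_has_key "$d/sub.domain.pfx" && echo "pfx ok: $d/sub.domain.pfx"
  make_pfx "$d/other.key" "$d/sub.domain.crt" "$d/chain.crt" "$d/bad.pfx" 2>/dev/null \
    || echo "mismatched key rejected"
}
demo
```

If the private key is protected by a pass phrase, openssl prompts for it during both the check and the export.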

After all this effort, if you are trying to install the two certificates on an IIS 7.5 web server or earlier, you are bound to be unsuccessful, because multiple certs for multiple domains are supported only from IIS 8 onwards.

That is what we found the hard way. Maybe we should have researched better.

So, that's what we will be doing: setting up Windows 2012 with IIS 8+ and installing the certificates separately.

Will keep you updated.
