After installation of a wildcard SSL certificate into the certificate store, the certificate does not appear in the IIS certificate list for use with site bindings.
The certificate was installed correctly, but apparently no key was included with the certificate.
How can you fix this issue without doing a new request or contacting someone for the key (if, for instance, it's the day before a launch ;-) )?
Make sure the certificate you added to “Server Certificates” is the one you created a “Certificate Request” for. If you add a certificate that wasn't requested in “Server Certificates”, it won't show up in the IIS binding window even if it does in the “Server Certificates” list.
This issue happens when the imported cert does not have a private key associated. If someone is trying to import a domain-level certificate to IIS, then we cannot import it if the certificate does not have a private key associated, and this will cause the certificate to disappear on refresh.
From the Windows Start menu, find Internet Information Services (IIS) Manager and open it (click Administrative Tools > Internet Information Services (IIS) Manager). In the Connections pane, locate and click the server. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
I ran into this problem today. Due to the timeframe and some other issues, getting the key from the provider was not possible.
I found the following solution here (under pixelloa's comment) and thought it would be good to have the answer on Stack Overflow as well.
If the certificate does not have a private key, you can fix this by doing the following:
To fix this, use the MMC snap-in to import the cert into the PERSONAL store of the computer account, click it and grab the serial # line. Go to dos, run
certutil -repairstore my "paste the serial # in here"
(you need the quotes unless you remove the spaces from the serial number) then refresh MMC with personal certs, right click it - export - select everything except DELETE PRIVATE KEY, hit ok. Then go to IIS and IMPORT cert instead of finish request.
For what it's worth, all I actually had to do was run the certutil -repairstore command, and my certificate worked. I did run the export and set a password for the export itself, but I did not have to reimport the certificate. The certificate now shows up in IIS's list of certificates and can be used for HTTPS bindings.
I hope this helped someone.
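The check-and-repair flow from the answer above, as an added PowerShell example that is not part of the original post: it lists certificates in the computer account's Personal store that have no private key, runs the same certutil -repairstore command, and re-checks the result. The function names are hypothetical, and an elevated session is assumed.

```powershell
# Added example (hypothetical function names). Run from an elevated PowerShell prompt.

# List certificates in the computer account's Personal store that have no
# associated private key; these are the ones IIS will not offer for bindings.
function Get-CertWithoutPrivateKey {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    Get-ChildItem -Path $StorePath |
        Where-Object { -not $_.HasPrivateKey } |
        Select-Object Subject, SerialNumber, Thumbprint, NotAfter
}

# Run the certutil command from the answer for one serial number, then
# re-read the store and report whether the key is now associated.
function Repair-CertKeyAssociation {
    param(
        [Parameter(Mandatory)][string]$SerialNumber,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    # The MMC dialog shows the serial with spaces; strip them so no quoting is needed.
    $serial = ($SerialNumber -replace '\s', '').ToUpper()

    # "my" is the Personal store; without -user certutil targets the computer account.
    & certutil.exe -repairstore my $serial | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE"
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.SerialNumber -eq $serial }
    if (-not $cert) {
        throw "No certificate with serial $serial found in $StorePath"
    }
    return [bool]$cert.HasPrivateKey
}

# Show what is affected, then repair each entry and print the outcome.
$broken = @(Get-CertWithoutPrivateKey)
$broken | Format-Table -AutoSize
foreach ($c in $broken) {
    $ok = Repair-CertKeyAssociation -SerialNumber $c.SerialNumber
    '{0}  HasPrivateKey after repair: {1}' -f $c.Subject, $ok
}
```

The repair can only succeed when the matching private key already exists on this machine, for example because the certificate request was generated there.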