Installing SSL Certificate for use in IIS7, installation "works", but cert listing disappears
Windows Server 2008 R2, IIS7. We have an SSL cert from Go Daddy. It's a wildcard cert, so it will work across subdomains (e.g. *.domain.com). I followed the instructions located at http://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7 for installing the certificate. I get to the IIS step, where I:
- Click on "Security Certificates" feature when the server is selected in the left pane
- Click on "Complete Certificate Request"
- Navigate to the .crt file on the file system
- Give it a "friendly" name, click finish
The cert gets listed on the main pane now of this "Server Certificates" panel. But, if I refresh the page, or navigate away and come back, it's gone. And the cert is not listed as a viable binding when trying to bind a site to https.
This seems like a pretty straight forward process, but clearly I'm missing something here. Any ideas?
EDIT: I found this post, which seems to imply this behavior happens when you try to use the intermediate certificate. When I downloaded the files from GoDaddy, there were 2 in a zip file. 1 was the gd_iis_intermediates, the other was named for the domain. I installed the domain one (extension .crt). There didn't seem to be any other option - installing the other from IIS gives an error "Cannot find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created".
That being said, there doesn't appear to be any other download I can use.
There was also mention, in the comments (and elsewhere after googling) of "exporting" the cert as a pfx, and installing that. But I can't figure out how to export it - even through certmgr.msc.
I should also mention this cert is installed on another computer running IIS6 (this IIS7 installation is meant to be a failover, plus the primary while we upgrade the IIS6 to IIS7). But I can't figure out how to export it from that computer either.
Solution 1:
The certificate was not exportable, so I was unable to use Roberts suggestion. Ultimately, I had to rekey the certificate at the Go Daddy account management page, and install it on both servers again. Some of the options during the wizard for the install on IIS6 were grayed out for me, and my initial attempt on that server failed. I ended up installing the certificate on the new server (IIS7), and then exporting that certificate in a .pfx format, and then importing that version into the IIS6 installation. At which point everything started working.
Solution 2:
Try exporting the certificate from the IIS6 server using these instructions: http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html
That will ensure that the certificate has a private key.
Solution 3:
try importing into Intermediate Certificate Stores. If you view the certificate there, you will find that "you have a private key that corresponds to this certificate". Simply export to .pfx, then import into IIS. Worked for me :)