Installing a certificate without the CSR's originating website in IIS 6

windows ssl iis-6

It seems the common method for installing a new SSL certificate for a site on IIS 6 is to create a temporary site, generate a CSR with the parameters of the real site, and then fulfill that CSR when the certificate is given.

This is all well and good, but I foolishly deleted the temporary site too early -- I deleted it after the CSR was generated and before I received the real certificate. I still have the CSR used and the certificate. Is there a way to get IIS to allow me to install this? Can I add the certificate to the registry manually or something? I really don't want to go through another reissue process.

Thanks in advance.


Chances are the private key still exists, but you will have to use certutil to repair the association. I've had to do this a few times myself. The below is from HERE:

To install a Web server certificate that lacks a pending certificate request 1. Click Start, point to Run, type cmd, and then click OK.

  1. Navigate to the directory where Certutil.exe is stored; by default, this is %windir%\system32.

  2. Type the following command at the command prompt: certutil -addstore my certnew.cer where certnew.cer is the name of the certificate you received from the certification authority (CA). You should see the following message: CertUtil: -addstore command completed successfully.

  3. Navigate to the directory where you stored the certificate you received from the CA. Right-click the certificate and then point to Properties.

  4. Click the Details tab and select in the Show drop-down list.

  5. In the Field list, select Thumbprint to display its value in the view pane.

  6. Select the Thumbprint value in the view pane and then click CTRL+C.

  7. Return to the command prompt window and type the following command: certutil -repairstore my "thumbprint" where thumbprint is the value of the Thumbprint field. Be sure to type the double quotes as part of the command. If the command is successful, the following message is displayed: Encryption test passed CertUtil: = repairstore command completed successfully.


You will need to reissue your SSL certificate, otherwise you will see private key mismatch error. You can regenerate the CSR and apply for the reissue and install the certificate

Related

OpenSSL issues in Debian Wheezy
Exchange server can't receive from AOL; MapiExceptionNamedPropsQuotaExceeded
Sonicwall routing between multiple subnets on multiple interfaces
HP Proliant DL180 G5 server treats 3-TB SATA disks as 750-GB ones
How to upgrade iDRAC firmware and BIOS of Dell PowerEdge R510?
IIS 8.5 - getting error when returning static 404 file
PDU says to ground to rack with "thread making screw".. this is impossible?
Does the additional load on UPS in case of grid failure amount to 100%?
SQL Server 2008 login problem with ASP.NET application: Failed to open the explicitly specified database
Preload Link using Files Directive in .htaccess
Apache Rewrite or Proxy to internal server
Queries passed to SQL Server are getting corrupted