Installing a certificate without the CSR's originating website in IIS 6

It seems the common method for installing a new SSL certificate for a site on IIS 6 is to create a temporary site, generate a CSR with the parameters of the real site, and then fulfill that CSR when the certificate is given.

This is all well and good, but I foolishly deleted the temporary site too early -- I deleted it after the CSR was generated and before I received the real certificate. I still have the CSR used and the certificate. Is there a way to get IIS to allow me to install this? Can I add the certificate to the registry manually or something? I really don't want to go through another reissue process.

Thanks in advance.


Chances are the private key still exists, but you will have to use certutil to repair the association. I've had to do this a few times myself. The below is from HERE:

To install a Web server certificate that lacks a pending certificate request 1. Click Start, point to Run, type cmd, and then click OK.

  1. Navigate to the directory where Certutil.exe is stored; by default, this is %windir%\system32.

  2. Type the following command at the command prompt: certutil -addstore my certnew.cer where certnew.cer is the name of the certificate you received from the certification authority (CA). You should see the following message: CertUtil: -addstore command completed successfully.

  3. Navigate to the directory where you stored the certificate you received from the CA. Right-click the certificate and then point to Properties.

  4. Click the Details tab and select in the Show drop-down list.

  5. In the Field list, select Thumbprint to display its value in the view pane.

  6. Select the Thumbprint value in the view pane and then click CTRL+C.

  7. Return to the command prompt window and type the following command: certutil -repairstore my "thumbprint" where thumbprint is the value of the Thumbprint field. Be sure to type the double quotes as part of the command. If the command is successful, the following message is displayed: Encryption test passed CertUtil: = repairstore command completed successfully.


You will need to reissue your SSL certificate, otherwise you will see private key mismatch error. You can regenerate the CSR and apply for the reissue and install the certificate