Create a public/private key pair for a certificate in IIS

Solution 1:

On modern versions of IIS, start the IIS Manager console, click your server in the left pane, then double-click "Server Certificates" in the right pane. Now you'll notice that in the far right pane you have the options "Create Certificate Request" and "Complete Certificate Request".

So once you have created the CSR, take it to the Certificate Authority and they will either grant it or deny it.

The key here (no pun intended) is that the private key is generated when you create the CSR, and therefore the only host that has the private key that corresponds to that CSR right now is the web server on which you created the CSR. So you can only complete the certificate request on the same server. Assuming the Certificate Authority grants your request, the signed response that you get back from the CA will be bound with your private key at the time that you complete the certificate request.

Once you've completed the certificate request, open an MMC console, add the Certificates snap-in, and locate the certificate that you just received. You can see that you have a corresponding private key for this certificate because it has a little key on its icon. Right-click and export it, and make sure that you export the private key with it. The wizard should ask you to password protect the file.

You can now take this exported certificate, with its private key, to any other server you like. Be very careful with this file, as it contains both the public and private key for this certificate, so you obviously want to keep it safe.

Solution 2:

If your SSL certificate does not have a private key associated with it, there is a command-line repair utility that will reassociate the private key with the imported certificate:

Find the certificate in the respective store and double-click on it. Go to the Details tab and copy down the serial number. Open an administrative command prompt and run the following command:

certutil -repairstore my "SerialNumber"

Insert the serial number exactly as listed. Once the utility runs, refresh the MMC snap-in and you should now see the key symbol in the upper left corner, indicating the private key is associated with the new certificate.
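
The check and repair described in Solution 2, scripted in PowerShell so the serial number is read from the store rather than copied by hand. This is an added example, not part of the original answers; it assumes an elevated session and a certificate in the local machine Personal (`my`) store, and `Repair-CertPrivateKey` is a hypothetical helper name.

```powershell
# Added example. Assumes an elevated PowerShell session and that the
# certificate lives in the local machine Personal ("my") store.
# Repair-CertPrivateKey is a hypothetical helper name, not a built-in cmdlet.

function Repair-CertPrivateKey {
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    $path = "Cert:\LocalMachine\My\$Thumbprint"
    $cert = Get-Item -Path $path -ErrorAction Stop

    if ($cert.HasPrivateKey) {
        Write-Output "Private key already associated with $($cert.Subject)"
        return $cert
    }

    # Same command as in the answer, with the serial number taken from the
    # certificate object instead of the Details tab.
    & certutil.exe -repairstore my $cert.SerialNumber | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE"
    }

    # Re-read the store; the scripted equivalent of refreshing the MMC snap-in.
    $cert = Get-Item -Path $path -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        # Expected when the CSR was created on a different host (see Solution 1).
        throw "No matching private key on this host for serial $($cert.SerialNumber)"
    }
    return $cert
}

# List every certificate in the store and whether it has a private key.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, SerialNumber, Thumbprint, HasPrivateKey, NotAfter |
    Format-Table -AutoSize

# Constructed placeholder thumbprint; replace with one from the listing above.
# Repair-CertPrivateKey -Thumbprint '0000000000000000000000000000000000000000'
```

If the repair throws because no matching key exists, the key pair was generated on another machine and the certificate has to be completed there and exported with its private key, as Solution 1 describes.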