ssl certificates disappear IIS

ssl iis

This issue happens when the imported cert does not have a private key associated. If someone is trying to import a domain level certificate to IIS, then we cannot import if the certificate does not have a private key associated and will cause certificate disappears on refresh.

Solution would be to import the .CER file to your system(from where certificate is requested) personel store and export it with private key. Then copy the .pfx file to required server and import it from server certificate option under IIS. This would fix the issue.


I have had this problem multiple times. If using a NetworkSolutions SSL the fix is:

  1. Go to MMC Certificate Manager.
  2. View Personal Certificates and delete the certificate that is "Disappearing".
  3. Then view the "Certificate Enrollment Requests" and right click to export.
  4. Select "Yes, export with private key.

This will allow you to export .pfx file that you can import from IIS 7 manager. Remember to go back to MMC Certificate Manager and select "Personal Certificates" and within properties add the "Friendly Name" back in so it shows within the IIS Manager.


A lot of people will get here not realising that they are doing the certificate process wrongly for adding SSL to their public websites. They will have downloaded a certificate from someone like godaddy and not realised they have done it in the wrong order! They wont get any error messages, all that will happen is that the certificate in IIS will disappear as soon as you click to another section.

The correct process is an follows:

  1. In IIS you request a certificate (A LOF OF PEOPLE ARE MISSING THIS PART)
  2. You use the code requested from IIS to request a certificate on the public site (eg godaddy). A lot of people are not doing step one and are using a randomly generated key
  3. Download the certificates that were created using your request code.
  4. you add the intermediate certificate on in the local certificate authority (use MMC to get there)
  5. You add the other certificate in IIS
  6. You configure the bindings

Here are links. Create certificate request

https://www.instantssl.com/ssl-certificate-support/csr-generation/iis-ssl-certificate-7x.html

https://uk.godaddy.com/help/iis-8-install-a-certificate-4951


I had this problem as well and resolved it by using OpenSSL to create the correct .pfx file. Instructions for this can be found here


If the server does not have a private key associated for the imported certificate the certificate disappears on refresh (and also it won't be available for bindings).

You can check in the mmc - Certificates - Personal store, and confirm that the certificate was installed but its missing a private key.

If you have a PFX (private key) and password you can import it (as other said), but if you just made a certificate request probably you won't have it.

Supposing that you are on the correct server (the same where you requested the certificate), probably the private key got corrupted somehow. You can open the public certificate, get the serial number, and try to restore the private key from the key store like described here.

Related

EBS vs SSD definition
How do I get this SQL Server ODBC Connection working?
How to disable RDP access for Administrator
How to handle SSH port changes with Ansible?
Access network share without mapping drive letter (PowerShell)
How to stop Remote Desktop from closing my session due to inactivity?
What are the differences between Floating IPs and Virtual IPs?
Linux hardening - web servers
How to get top command output to show rake arguments?
update-rc.d on Amazon Linux
fstab filesystem type for NTFS -- 'ntfs' or 'ntfs-3g'?
POSTFIX fatal: no SASL authentication mechanisms