How to fix Certificate Disappearing problem in IIS

How to fix Certificate Disappearing problem in IIS 7 or later. Certificate is not showing in IIS. certificate disappear. Certificate Disappears. SSL Certificate Disappears. Cannot see certificate in IIS

Background

I am considering you already created Certificate Request (CSR) using IIS and got certificate from your certificate provider and also added .p7b file to your Trusted Root Certification Authorities.

Problem description

When user performs Complete Certificate Request then it shows a certificate in Server Certificates window. If user refreshes the page or go to binding’s window then certificate is not visible there.

Possible cause

The certificate we want to add is not contain the private key. To work properly we need both private and public key.

Solution

We can use Import instead of Complete Certificate Request.
If we go for import then it requires .pfx file (PKCS #12).

Generally certificate provider provides 3 files like following (.crt, .p7b and bundle)
How to fix Certificate Disappearing problem in IIS

Now we need to install Open SSL to our machine so that we can generate .pfx from our certificate file.

Required Software

Open SSL
We can download it from here http://www.slproweb.com/products/Win32OpenSSL.html

Generating .pfx file from certificate

We can use following command to generate .pfx file
openssl pkcs12 -export -in demo.com.crt -inkey my.key -certfile demo.com.ca-bundle -out my.pfx
Right now we don’t have .key file. Now we need to generate a key file from.

Generating a private key file

We can use following open ssl command to generate key file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out my.key

But here we need to generate filename.pfx file from CSR request. Consider following step to generate .pfx file from CSR.

Generating .pfx file from CSR

Here we need .pfx file from CRS to generate key file. We can get pfx file in following way.
> Go to run
> write mmc
> Go to File > Add remove snap > Select Certificate > Add > Select Computer Account > Next > Local Computer > Finish > OK
> Expand Certificates (Local Computer)
> Go to Certificate Enrollment Requests Node and Expand it
> Select your requested certificate
> Right click > All Tasks > Export > Next > “Yes, export the private key” > Next > Provide Password
> Give a filename to save it
> Now you have pfx file from your request. I am considering its name is “filename.pfx”

Now we can run following command and can generate .key file.

openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out my.key

After executing above command we will get my.key file.
Now we have all to execute following command to get pfx file from certificate.

openssl pkcs12 -export -in demo.com.crt -inkey my.key -certfile demo.com.ca-bundle -out my.pfx

After executing above command we will have my.pfx file and we can use it to import certificate in IIS.