Monday, November 22, 2010

Deleted SSL Certificate Request - Recreate Request

After importing a new certificate, I deleted it because the friendly name was blank. (little did I know that was a known error with a simple fix.) However, I figured I had done something wrong when I installed so I deleted the certificate, which left me with no pending certificate request to complete the install again.

So now, I had to either contact the CA and re-process the request, or somehow get my pending request back. I went for 'get my pending request back'.

After googling for this info, I was able to find some help on this. So these are the steps I did to accomplish this. (Windows 2008 Server/IIS 7)


1. Click Start, point to Run, type cmd, and then click OK.

2. Navigate to the directory where Certutil.exe is stored; by default, this is %windir%\system32.

3. Type the following command at the command prompt: certutil -addstore my "C:\junk\www_sitename_com.cer" *a little note "my" is a part of the command, at first i thought it was part of an example name.

You should see the following message somewhere in the message that follows: CertUtil: -addstore command completed successfully.

4. Get the Thumbprint of the certificate.

5. Start- type 'mmc'. File - Add/Remove Snapin. Add Certificates, Select Local Computer.

6. Next, go to: Certificates - Certificate Enrollment Requests - Certificate. Double-click the certificate.

7. Go to the Details tab, scroll down, copy the weird thumbprint value, paste into Notepad for reference.

8. Return to the Command prompt, type the following command: certutil -repairstore my "xx dd xx xx oo" (include your own thumbprint value in double quotes.)

Go back to the IIS and follow the steps to Complete Certificate request.

And, btw, don't forget to go back to the IIS manager, and select the new certificate for the SSL/HTTPS binding
for the site.

2 comments:

  1. i have just put in a password initially and completely forgotten it, i used a generator and didnt write it down or record it, doh! i'm using a verisign certificate any tips? sites that can help?

    ReplyDelete
  2. you may be able to still dig around and use some of the iis commands, or have to resort re-installing it again.

    ReplyDelete