IIS fails after Renewal of SSL certificate – The page cannot be displayed

Scenario: After a PKI infrastructure migration, we were renewing SSL certificates on webservers, to replace all certificates issued by the old CA with new certificates provided by the new CA.
Problems arose when we bound the new certificate to an IIS instance; the website on which it was used would stop working.
When you typed in the URL of the website, you would simply get the message "The page could not be displayed".
After using the SSL Diagnostics tool it turned out the private key was missing.
Of course, IIS doesn't complain about that when you assign the certificate to the website… 😦
So, how did the private key turn up missing?
Well, we generated the certificate using the Web Enrollment page of the internal CA server. Then, when you click the generated certificate, it is placed automatically in the Personal certificate store.
We then just cut and pasted the certificate into the Computer certificate store.
But alas, that doesn't include the private key! So, you have to manually export the SSL certificate from the Personal store, including the private key, and then import it into the local Computer certificate store.
Only then will it work for IIS.
Thanks to this article for helping us out.
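The check and the export/import fix described above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the thumbprint and the PFX path are placeholders, and it assumes the key was created as exportable and that the PKI module cmdlets (`Export-PfxCertificate`, `Import-PfxCertificate`) are available.

```powershell
# Added example: placeholder values, not taken from the post.
$Thumbprint = '<THUMBPRINT-OF-NEW-CERTIFICATE>'
$PfxPath    = Join-Path $env:TEMP 'iis-renewal.pfx'

# 1. Check the copy in the Computer store. A certificate that was dragged
#    there without its key shows HasPrivateKey = False.
$machineCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Thumbprint -eq $Thumbprint
if ($machineCert -and $machineCert.HasPrivateKey) {
    Write-Output 'Computer store copy already has its private key; nothing to do.'
    return
}

# 2. Locate the original in the user's Personal store, where Web Enrollment
#    installed it together with the private key.
$userCert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Thumbprint -eq $Thumbprint
if (-not $userCert -or -not $userCert.HasPrivateKey) {
    throw 'No certificate with a private key found in the Personal store for this thumbprint.'
}

# 3. Export to a password-protected PFX, replace the key-less copy, import.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Temporary PFX password'
try {
    # Fails if the private key was not marked exportable at enrollment time.
    Export-PfxCertificate -Cert $userCert -FilePath $PfxPath -Password $pfxPassword | Out-Null

    if ($machineCert) {
        # Remove the key-less certificate so the import is unambiguous.
        Remove-Item -Path $machineCert.PSPath
    }

    $imported = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

    if (-not $imported.HasPrivateKey) {
        throw 'Import finished but the certificate still has no private key.'
    }
    Write-Output "Imported $($imported.Subject) with private key into LocalMachine\My."
}
finally {
    # The PFX holds the private key; do not leave it in the temp directory.
    Remove-Item -Path $PfxPath -ErrorAction SilentlyContinue
}
```

Running only the `HasPrivateKey` check before binding a renewed certificate in IIS catches this problem before the site goes down.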
