IIS fails after Renewal of SSL certificate – The page cannot be displayed

February 8, 2012

Scenario: After a PKI infrastructure migration, we were renewing SSL certificates on webservers, replacing all certificates issued by the old CA with new certificates issued by the new CA.
Problems arose when we bound the new certificate to an IIS instance; the website on which it was used would stop working.
When you typed in the URL of the website, you would simply get the message “The page could not be displayed”.
After using the SSL Diagnostics tool it turned out the private key was missing.
Of course, IIS doesn’t complain about that when you assign the certificate to the website… 😦
So, how did the private key turn up missing?
Well, we generated the certificate using the Web Enrollment page of the internal CA server. When you then click the generated certificate, it is placed automatically in the Personal certificate store.
We then just cut and pasted the certificate into the Computer certificate store.
But alas, that doesn’t include the private key! So you have to manually export the SSL certificate from the Personal store, including the private key, and then import it into the local Computer certificate store.
Only then will it work for IIS.
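The same export and import can be scripted and verified with the PKI cmdlets, shown here as an added example that is not part of the original post. It assumes Windows Server 2012 or later, an elevated PowerShell session, a certificate that is still in the user's Personal store with an exportable key, and a placeholder thumbprint and temporary PFX path.

```powershell
# Added example: placeholder values, replace before use.
$thumbprint = '<THUMBPRINT-OF-NEW-CERT>'
$pfxPath    = Join-Path $env:TEMP 'iis-cert-move.pfx'

# 1. Audit the Local Computer store: any row with HasPrivateKey = False
#    cannot serve HTTPS, even though IIS will let you bind it.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# 2. Locate the enrolled certificate in the user's Personal store
#    (where Web Enrollment installed it) and confirm the key is there.
$cert = Get-Item "Cert:\CurrentUser\My\$thumbprint"
if (-not $cert.HasPrivateKey) {
    throw "No private key in CurrentUser\My for $thumbprint; re-enroll."
}

# 3. Remove a key-less copy left in the Computer store by cut and paste.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint -and -not $_.HasPrivateKey } |
    Remove-Item

# 4. Export certificate plus private key to a password-protected PFX.
#    This fails if the key was enrolled as non-exportable.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Temporary PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword |
    Out-Null

# 5. Import into the Local Computer Personal store. Without -Exportable
#    the key is stored as non-exportable on the server.
$imported = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# 6. The PFX contains the private key: do not leave it on disk.
Remove-Item $pfxPath -Force

# 7. Verify before binding the certificate in IIS.
if (-not $imported.HasPrivateKey) {
    throw "Import finished but the private key is still missing."
}
"OK: $($imported.Subject) in LocalMachine\My with private key."
```

Running step 1 on its own after any certificate renewal catches the missing-key condition before the binding is changed.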
Thanks to this article for helping us out