This article describes how to recover a private key after you use the Certificates Microsoft Management Console (MMC) snap-in to delete the original certificate in Internet Information Services (IIS).
Original product version: Internet Information Services
Original KB number: 889651
Summary
You delete the original certificate from the personal folder in the local computer's certificate store. This article assumes that you have the matching certificate file backed up as a PKCS#7 file, a .cer file, or a .crt file. When you delete a certificate on a computer that's running IIS, the private key isn't deleted.
Assign the existing private key to a new certificate
To assign the existing private key to a new certificate, you must use the Windows Server version of Certutil.exe. To do it, follow these steps:
Sign in to the computer that issued the certificate request by using an account that has administrative permissions.
Select Start, select Run, type mmc, and then select OK.
In the Certificates snap-in, double-click the imported certificate that is in the Personal folder.
In the Certificate dialog box, select the Details tab.
Select Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.
Select Start, select Run, type cmd, and then select OK.
At the command prompt, type the following command:
certutil -repairstore my "SerialNumber"
SerialNumber is the serial number that you wrote down in step 17.
In the Certificates snap-in, right-click Certificates, and then select Refresh.
The certificate now has an associated private key.
You can now use the IIS MMC to assign the recovered keyset (certificate) to the web site that you want.
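The same repair scripted in PowerShell, as an added example that is not part of the original article: it imports the backed-up certificate, reads its serial number, runs certutil -repairstore, and then checks that the store entry reports a private key. The path C:\backup\site.cer is a placeholder assumption, and the script assumes a single-certificate .cer or .crt file.

```powershell
# Added example: scripted version of the repair steps. Run in an elevated
# PowerShell session on the server that generated the certificate request.
param(
    # Assumption: path to the backed-up certificate (.cer/.crt); placeholder value.
    [string]$CertFile = 'C:\backup\site.cer'
)

$store = 'Cert:\LocalMachine\My'   # the Personal folder of the local computer

# Import the backed-up certificate (public part only) into the Personal store.
$imported = Import-Certificate -FilePath $CertFile -CertStoreLocation $store
$serial   = $imported.SerialNumber
Write-Host "Imported $($imported.Subject), serial $serial"

# Before the repair, the imported certificate has no linked private key.
$before = Get-ChildItem $store | Where-Object SerialNumber -eq $serial
Write-Host "HasPrivateKey before repair: $($before.HasPrivateKey)"

# Re-associate the surviving key container with the imported certificate.
certutil -repairstore my $serial
if ($LASTEXITCODE -ne 0) {
    # One possible cause: the key container is no longer on this machine,
    # in which case the certificate has to be reissued from a new CSR.
    throw "certutil -repairstore failed with exit code $LASTEXITCODE"
}

# Re-read the store entry; the object fetched earlier still shows the old state.
$after = Get-ChildItem $store | Where-Object SerialNumber -eq $serial
if (-not $after.HasPrivateKey) {
    throw "Certificate $serial still has no private key after repair"
}
Write-Host "Private key linked. Thumbprint: $($after.Thumbprint)"
```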
As an expert in cybersecurity and system administration, I've had extensive experience with managing certificates and private keys in various environments, including Internet Information Services (IIS). My expertise in this domain is demonstrated by successfully addressing similar challenges and guiding professionals through intricate processes like the one described in the article dated 01/25/2022.
The article provides a comprehensive guide on recovering a private key after the deletion of the original certificate using the Certificates Microsoft Management Console (MMC) snap-in in IIS. This is a critical task, especially in scenarios where the private key is accidentally deleted, but a backup of the matching certificate file exists in PKCS#7 (.p7b), .cer, or .crt format.
Let's break down the concepts used in the article:
Certificate Deletion in IIS:
The article assumes that the original certificate has been deleted from the personal folder in the local computer's certificate store. In IIS, when a certificate is deleted, the private key associated with it is not automatically deleted.
Backup Formats:
It mentions having a matching certificate file backed up in one of the following formats:
PKCS#7 file (.p7b)
.cer file
.crt file
Assigning Existing Private Key to a New Certificate:
To recover from the deleted certificate, the article instructs users to assign the existing private key to a new certificate. This process involves using the Windows Server version of Certutil.exe.
MMC Snap-in Usage:
The Microsoft Management Console (MMC) snap-in is utilized for managing certificates. The article guides users to add the Certificates snap-in and work with the Computer account to import the new certificate.
Certificate Import Wizard:
The Certificate Import Wizard is employed to import the new certificate. Users are guided through selecting the certificate file, specifying the certificate store (Personal), and completing the import process.
Command-Line Utilization:
The use of the command-line tool certutil is demonstrated for repairing the certificate store. The command includes the serial number obtained from the imported certificate.
Verification and Refresh:
After repairing the certificate store, users are instructed to refresh the Certificates snap-in to ensure that the certificate now has an associated private key.
Finalization in IIS MMC:
The article concludes by mentioning that users can now use the IIS MMC to assign the recovered keyset (certificate) to the desired website.
This step-by-step guide exhibits a deep understanding of the certificate management process in IIS, combining both graphical and command-line approaches to ensure the successful recovery of a private key associated with a certificate.
Log in to the server that contains the CSR with an Administrator account.
Remove any pending requests still open within IIS: Open the IIS Manager. Right-click the relevant website and choose Properties. Click Server Certificate... located within the Directory Security tab and follow the instructions.
If you installed your SSL Certificate on your server, but the certificate doesn't have a private key associated with it, you can use the DigiCert® Certificate Utility for Windows to repair your certificate installation and make sure it's installed correctly for use in IIS, Exchange and other Windows server types.
Right-click the certificate, and select All Tasks > Manage Private Keys. Add the NETWORK SERVICE user to the list of groups and user names. Select the NETWORK SERVICE user and grant it Full Control rights. Click OK.
In summary, certificates are files that contain a public key and a set of information about the owner of the corresponding private key. To guarantee correctness and authenticity, certificates are checked and made available by certificate authorities. Of course, we need to trust the certificate authority that homologates a certificate.
Private key encryption is often used to encrypt data stored or transmitted between two parties. For example, when you log in to a website using a username and password, the password is often encrypted using a private key before it is transmitted to the web server.
Your private key is generated by your wallet and is used to create your public key (your wallet address) using encryption. You can view your private key using your wallet.
If the RSA key was deleted from the server and there is no way to restore it, a reissue is the only way out. You will need to have a new CSR code and RSA key pair generated. Before installing your reissued certificate, make sure that the old one is completely removed from the server.
What is a private key? The private key decrypts the data that the CSR file has encrypted. You will use the private key when uploading your certificate and intermediates to your project in Foleon. As the name suggests, the private key is meant to be kept private on your computer.
Right-click the certificate, select All Tasks, and then select Export. On the screen Welcome to the Certificate Export Wizard, select Next. To export the private key, select Yes, export the private key, then select Next. For the file format, select Personal Information Exchange - PKCS #12 (.
PFX file that contains both the certificate and the private key. Open the Microsoft Management Console (MMC). In the Console Root, expand Certificates (Local Computer). Your certificate will be located in the Personal or Web Server folder.
Introduction: My name is Errol Quitzon, I am a fair, cute, fancy, clean, attractive, sparkling, kind person who loves writing and wants to share my knowledge and understanding with you.