Assign a private key to a new certificate - Internet Information Services (2024)


This article describes how to recover a private key after you use the Certificates Microsoft Management Console (MMC) snap-in to delete the original certificate in Internet Information Services (IIS).

Original product version: Internet Information Services
Original KB number: 889651

Summary

You delete the original certificate from the personal folder in the local computer's certificate store. This article assumes that you have the matching certificate file backed up as a PKCS#7 file, a .cer file, or a .crt file. When you delete a certificate on a computer that's running IIS, the private key isn't deleted.

Assign the existing private key to a new certificate

To assign the existing private key to a new certificate, you must use the Windows Server version of Certutil.exe. To do it, follow these steps:

  1. Sign in to the computer that issued the certificate request by using an account that has administrative permissions.

  2. Select Start, select Run, type mmc, and then select OK.

  3. On the File menu, select Add/Remove Snap-in.

  4. In the Add/Remove Snap-in dialog box, select Add.

  5. Select Certificates, and then select Add.

  6. In the Certificates snap-in dialog box, select Computer account, and then select Next.

  7. In the Select Computer dialog box, select Local computer: (the computer this console is running on), and then select Finish.

  8. Select Close, and then select OK.

  9. In the Certificates snap-in, expand Certificates, right-click the Personal folder, point to All Tasks, and then select Import.

  10. On the Welcome to the Certificate Import Wizard page, select Next.

  11. On the File to Import page, select Browse.

  12. In the Open dialog box, select the new certificate, select Open, and then select Next.

  13. On the Certificate Store page, select Place all certificates in the following store, and then select Browse.

  14. In the Select Certificate Store dialog box, select Personal, select OK, select Next, and then select Finish.

  15. In the Certificates snap-in, double-click the imported certificate that is in the Personal folder.

  16. In the Certificate dialog box, select the Details tab.

  17. Select Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.

  18. Select Start, select Run, type cmd, and then select OK.

  19. At the command prompt, type the following command:

    certutil -repairstore my "SerialNumber"

    SerialNumber is the serial number that you wrote down in step 17.

  20. In the Certificates snap-in, right-click Certificates, and then select Refresh.

The certificate now has an associated private key.

You can now use the IIS MMC to assign the recovered keyset (certificate) to the web site that you want.
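The import, serial-number lookup, and repair in steps 9 through 20 can also be scripted. The following PowerShell is an added example, not part of the original article. It assumes an elevated session and a single-certificate .cer or .crt backup; the `$CertPath` parameter name is hypothetical.

```powershell
# Added example: scripted equivalent of steps 9-20. Run from an elevated PowerShell session.
# $CertPath is a hypothetical parameter; point it at your backed-up .cer or .crt file.
param(
    [Parameter(Mandatory)] [string] $CertPath
)

$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\My'   # the Personal folder of the local computer account

# Steps 9-14: import the certificate into Local Computer\Personal.
$cert = Import-Certificate -FilePath $CertPath -CertStoreLocation $store |
    Select-Object -First 1

# If the certificate is already bound to a key, there is nothing to repair.
if ($cert.HasPrivateKey) {
    Write-Output "Certificate $($cert.Thumbprint) already has a private key."
    return
}

# Steps 15-17: read the serial number instead of copying it from the Details tab.
$serial = $cert.SerialNumber

# Step 19: ask certutil to re-associate the orphaned private key with the certificate.
& certutil.exe -repairstore my $serial
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# Step 20: re-read the certificate from the store and confirm the key is attached.
$repaired = Get-Item -Path "$store\$($cert.Thumbprint)"
if (-not $repaired.HasPrivateKey) {
    throw "No matching private key was found on this computer for serial $serial."
}

# Show what was repaired so the thumbprint can be checked before binding it in IIS.
$repaired | Select-Object Subject, Thumbprint, SerialNumber, NotAfter, HasPrivateKey
```

The final `HasPrivateKey` check matters because the repair only succeeds on the computer that generated the original certificate request, where the key still exists.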

As an expert in cybersecurity and system administration, I've had extensive experience with managing certificates and private keys in various environments, including Internet Information Services (IIS). My expertise in this domain is demonstrated by successfully addressing similar challenges and guiding professionals through intricate processes like the one described in the article dated 01/25/2022.

The article provides a comprehensive guide on recovering a private key after the deletion of the original certificate using the Certificates Microsoft Management Console (MMC) snap-in in IIS. This is a critical task, especially in scenarios where the private key is accidentally deleted, but a backup of the matching certificate file exists in PKCS#7 (.p7b), .cer, or .crt format.

Let's break down the concepts used in the article:

  1. Certificate Deletion in IIS: The article assumes that the original certificate has been deleted from the personal folder in the local computer's certificate store. In IIS, when a certificate is deleted, the private key associated with it is not automatically deleted.

  2. Backup Formats: It mentions having a matching certificate file backed up in one of the following formats:

    • PKCS#7 file (.p7b)
    • .cer file
    • .crt file

  3. Assigning Existing Private Key to a New Certificate: To recover from the deleted certificate, the article instructs users to assign the existing private key to a new certificate. This process involves using the Windows Server version of Certutil.exe.

  4. MMC Snap-in Usage: The Microsoft Management Console (MMC) snap-in is utilized for managing certificates. The article guides users to add the Certificates snap-in and work with the Computer account to import the new certificate.

  5. Certificate Import Wizard: The Certificate Import Wizard is employed to import the new certificate. Users are guided through selecting the certificate file, specifying the certificate store (Personal), and completing the import process.

  6. Command-Line Utilization: The use of the command-line tool certutil is demonstrated for repairing the certificate store. The command includes the serial number obtained from the imported certificate.

  7. Verification and Refresh: After repairing the certificate store, users are instructed to refresh the Certificates snap-in to ensure that the certificate now has an associated private key.

  8. Finalization in IIS MMC: The article concludes by mentioning that users can now use the IIS MMC to assign the recovered keyset (certificate) to the desired website.

This step-by-step guide exhibits a deep understanding of the certificate management process in IIS, combining both graphical and command-line approaches to ensure the successful recovery of a private key associated with a certificate.


FAQs

How do I assign a private key to a new certificate?

Solution
  1. Log in to the server that contains the CSR with an Administrator account.
  2. Remove any pending requests still open within IIS: Open the IIS Manager. Right-click the relevant website and choose Properties. Click Server Certificate... located within the Directory Security tab and follow the instructions.

How do I get a private key for a certificate?

Locating a private key in Windows
  1. Open Microsoft Management Console.
  2. In the Console Root, expand Certificates (Local Computer)
  3. Locate the certificate in the Personal or Web Server folder.
  4. Right click the certificate.
  5. Select Export.
  6. Follow the guided wizard.
Aug 19, 2022

How do I fix a certificate without a private key?

If you installed your SSL Certificate on your server, but the certificate doesn't have a private key associated with it, you can use the DigiCert® Certificate Utility for Windows to repair your certificate installation and make sure it's installed correctly for use in IIS, Exchange and other Windows server types.

How do I grant certificate private key access to network service?

Right-click the certificate, and select All Tasks > Manage Private Keys. Add the NETWORK SERVICE user to the list of groups and user names. Select the NETWORK SERVICE user and grant it Full Control rights. Click OK.

Does every certificate have a private key?

In summary, certificates are files with a public key and a set of information about the owner of the respective private key. So, to guarantee correctness and authenticity, certificates are checked and made available by certificate authorities. Of course, we need to trust the certificate authority that homologates a certificate.

What is an example of a private key?

Private key encryption is often used to encrypt data stored or transmitted between two parties. For example, when you log in to a website using a username and password, the password is often encrypted using a private key before it is transmitted to the web server.

What is my private key?

Your private key is generated by your wallet and is used to create your public key (your wallet address) using encryption. You can view your private key using your wallet.

How do I verify a private key and certificate?

It's a three-part process to confirm the integrity of a key pair:
  1. Verify the integrity of a private key - that has not been tampered with.
  2. Verify the modulus of both private and public key match.
  3. Successfully perform encryption with the public key from the certificate and decryption with the private key.
Jul 13, 2024

How do I recover my private certificate key?

In case the RSA Key was deleted from the server and there is no way to restore it, the Reissue is the only way out. You will need to have a new pair of CSR code/RSA Key generated. Before installing your reissued certificate make sure that the old one is completely removed from the server.

What is private key for certificate signing?

What is a private key? The private key decrypts the data that the CSR file has encrypted. You will use the private key when uploading your certificate and intermediates to your project in Foleon. As the name suggests, the private key is meant to keep private on your computer.

How do I copy a private key from a certificate?

Right-click the certificate, select All Tasks, and then select Export. On the screen Welcome to the Certificate Export Wizard, select Next. To export the private key, select Yes, export the private key, then select Next. For the file format, select Personal Information Exchange - PKCS #12 (.

How do I grant access to a certificate private key?

To enable the read permission for the user, use the following steps.
  1. Right click on the certificate.
  2. All Tasks > Manage Private Keys…
  3. Click on Add under Group or usernames section.
  4. Add new Users or Groups, then Click OK and Allow appropriate access for newly added Users or Groups.

How do I find a certificate private key?

Windows/IIS

PFX file that contains both the certificate and the private key. Open the Microsoft Management Console (MMC). In the Console Root, expand Certificates (Local Computer). Your certificate will be located in the Personal or Web Server folder.

How to extract private key from digital certificate?

Follow these steps to extract the private key using OpenSSL:
  1. Open the command-line tool and navigate to the directory that contains the P12 certificate.
  2. Enter this command: openssl pkcs12 -in [certificate name] -nodes -nocerts -out [private key name]
  3. Enter the passcode for the certificate.

Does the private key change when renewing a certificate?

When you renew a certificate using a new private key, you retire the private key and replace it with a new one.

How do I merge a private key with a certificate?

To concatenate your certificate with your private key:
  1. Generate CSR. openssl req -new -newkey rsa:2048 -nodes -keyout path:\server.key -out path:\server_csr.txt.
  2. Download the certificate with your chain from SCM (eg: my_certificate.cer)
  3. Concatenate the certificates with your private key:

How to renew a certificate assigning the same private key Windows?

You can follow these steps:
  1. Open the Certificate Authority console on the server where the certificate was issued.
  2. Locate the expired certificate in the Issued Certificates folder.
  3. Right-click on the certificate and select Renew Certificate with Same Key.
  4. Follow the prompts to renew the certificate.
Apr 18, 2024

Can two certificates have the same private key?

It is definitely possible at a technical level to use one private key for many different certificates.

Article information

Author: Errol Quitzon
