Summary: When processing an SSL certificate response in IIS, a private key is not generated with the certificate and, therefore, SSL does not function on the site. IIS and Certificates.mmc believe there is a private key, but when I try to export one it fails with "The associated private key cannot be found". Details below.
Symptoms: In IIS's "Web Server Certificate Wizard" I am able to complete the "Process the Pending Request" step as expected. Afterwards, however, the website properties do not allow me to "View Certificate". If I return to the wizard it acts as though I don't have a certificate. If I choose "Assign an existing certificate" and select the recently imported certificate, however, then I am unable to connect to the site via HTTPS ("Internet Explorer cannot display the webpage").
Private Key: If I view the certificate in the MMC Certificates snap-in, I can see the certificate. If I open it, I am informed "You have a private key that corresponds to this certificate". When I try to export it, however, the option to export the private key is disabled; the dialogue box notes: "The associated private key cannot be found. Only the certificate can be exported."
Troubleshooting: Clearly, the processing of the SSL certificate response is failing - but why? No error is provided when processing the response, nor does the event log contain any relevent errors or warnings. I've tried this with both self-signed certificates as well as a GeoTrust-issued certificate; same result.
Note: This server contains a number of SSL sites. I can use certificates issued in the past or which have been imported (with private keys) from other servers without a problem; the ports, router, bindings, etc are setup properly. Using a newly issued certificate, however, fails. I could work around this by requesting/processing the certificate on another server; as this is our primary web server, however, I'd like to resolve the underlying issue.
Tyrven