SSL certificate not available in IIS [Answered]RSS

2 replies

Last post Nov 30, 2018 10:59 AM by ijburnell

  • SSL certificate not available in IIS

    Nov 30, 2018 07:55 AM|ijburnell|LINK

    I need to create a 443 https site with SSL certificate for a piece of software. We have a Certificate Authority (which I have little experience) and I've tested creating various machine certificates. On the server in question I can see the machine certificate in MMC but not under IIS. I have tried exporting this key to .PFX file but the radio button to export private key is always greyed out. Therefore I can't export import into IIS. How can I get round this?

  • Re: SSL certificate not available in IIS

    Nov 30, 2018 09:07 AM|GrantCD|LINK

    The certificate needs to be under Local Computer\Personal\Certificates certificate store for IIS to use it.

    The root certificate for the Certificate Authority needs to be in Local Computer\Trusted Root Certification Authorities.

    The certificate needs to be one for websites (if you look in the certificate via MMC it should have an Enhanced Key Usage of Server Authentication).

    If all those things are correct then you should, in IIS, be able to click on your website in the IIS manager, and on the Actions Panel (right-hand side) click Bindings and be able to add an HTTPS binding for your site using that cert.

    There is no import into IIS really. It uses the certs that are in Local Computer\Personal\Certificates, but it does provide a different interface to import certs (rather than MMC) and a way to create and manage cert requests.

    The export private key isn't available either because of the options you chose when you requested the cert (you can decide at request time if you will allow the private key to be exported).

    Hope this helps.

  • Re: SSL certificate not available in IIS

    Nov 30, 2018 10:59 AM|ijburnell|LINK

    Thanks Grant - perfect response - works like a charm