Forum Discussion

Frankie1969's avatar
Frankie1969
Copper Contributor
Jan 13, 2022

Install ssl certificate on windows server 2012 R2

I would install a SSL certificate on Windows Server 2012 R2.

I received from SSL/provider 4 files:

  1. mydomain.company.it.csr
  2. mydomain.company.it.key
  3. mydomain_company_it_cert.cer
  4. mydomain_company_it_interm.cer

In IIS i have installed "mydomain_company_it_cert.cer" choosing "Complete Certificate Request".

In this way i can't see certificate from dropdown list when i am trying to binding in IIS.

I have tried to run "certutil -repairstore my xxxxxxxxxxx" but i am constantly prompted for smart card.

This article it doesn't help much , the hot-fix has been removed.

I read this thread but i don't know if have to generated .CSR again at first point of reply.

Any thoughts on how to bypass the smart card and get the repair to complete are appreciated

  • Yes, importing a pfx file gives you a certificate with the private key. (The key sign will be shown then in the certificate store) Perhaps the person who gave you the files can convert his files into a a pfx file using openssl tooling.
  • 1. The Certificate Signing Request
    2. The private key
    3. The Root CA for the certificate I guess?
    4. The intermediate CA for the certificate

    What did you give to the SSL Provider? Only the request I presume. did you create the csr yourself using IIS? If so, then I don't know where you got the key file from? Usually the SSL provider gives you a bundle back with the root and intermediate and a cer file which you can use to complete the request (You should see the certificate in the Computer/Personal certificate store on that server

    • Frankie1969's avatar
      Frankie1969
      Copper Contributor
      All the files were provided to me by the person who handled the request (an administrative).
      I didn't create the .csr file with IIS.

      In IIS as written i have installed "mydomain_company_it_cert.cer" choosing "Complete Certificate Request".
      Yes, i can see the certificate in the Computer/Personal certificate store (with name mydomain.company.it) but if i double click on it, icon does not contain the "key image".
      The certificate has not a private key.

      Thanks for your time.
      • Harm_Veenstra's avatar
        Harm_Veenstra
        MVP
        Complete certificate request is something you can do only when you created the request in IIS yourself. Since someone else did that for you, they have all the data

        You need a pfx file from that person, without it you will never have a certificate in your store to use within IIS

Resources