Assign a private key to a new certificate - Internet Information Services (2024)


This article describes how to recover a private key after you use the Certificates Microsoft Management Console (MMC) snap-in to delete the original certificate in Internet Information Services (IIS).

Original product version: Internet Information Services
Original KB number: 889651

Summary

You delete the original certificate from the personal folder in the local computer's certificate store. This article assumes that you have the matching certificate file backed up as a PKCS#7 file, a .cer file, or a .crt file. When you delete a certificate on a computer that's running IIS, the private key isn't deleted.

Assign the existing private key to a new certificate

To assign the existing private key to a new certificate, you must use the Windows Server version of Certutil.exe. To do it, follow these steps:

  1. Sign in to the computer that issued the certificate request by using an account that has administrative permissions.

  2. Select Start, select Run, type mmc, and then select OK.

  3. On the File menu, select Add/Remove Snap-in.

  4. In the Add/Remove Snap-in dialog box, select Add.

  5. Select Certificates, and then select Add.

  6. In the Certificates snap-in dialog box, select Computer account, and then select Next.

  7. In the Select Computer dialog box, select Local computer: (the computer this console is running on), and then select Finish.

  8. Select Close, and then select OK.

  9. In the Certificates snap-in, expand Certificates, right-click the Personal folder, point to All Tasks, and then select Import.

  10. On the Welcome to the Certificate Import Wizard page, select Next.

  11. On the File to Import page, select Browse.

  12. In the Open dialog box, select the new certificate, select Open, and then select Next.

  13. On the Certificate Store page, select Place all certificates in the following store, and then select Browse.

  14. In the Select Certificate Store dialog box, select Personal, select OK, select Next, and then select Finish.

  15. In the Certificates snap-in, double-click the imported certificate that is in the Personal folder.

  16. In the Certificate dialog box, select the Details tab.

  17. Select Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.

  18. Select Start, select Run, type cmd, and then select OK.

  19. At the command prompt, type the following command:

    certutil -repairstore my "SerialNumber"

    SerialNumber is the serial number that you wrote down in step 17.

  20. In the Certificates snap-in, right-click Certificates, and then select Refresh.

The certificate now has an associated private key.

You can now use the IIS MMC to assign the recovered keyset (certificate) to the web site that you want.
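Steps 9 through 20 can also be scripted. The following PowerShell sketch is an added example, not part of the original article: it imports the certificate into the local computer's Personal store, reads its serial number, runs the same `certutil -repairstore` command, and confirms that the private key is now associated. The file path `C:\certs\new-site.cer` is a hypothetical placeholder, and the script assumes the file holds a single certificate and is run from an elevated prompt.

```powershell
# Added example: scripted equivalent of steps 9-20.
# Run from an elevated PowerShell prompt on the server that created the request.
param(
    # Hypothetical path to the backed-up certificate file (.cer or .crt).
    [string]$CertPath = 'C:\certs\new-site.cer'
)

$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\My'   # Local Computer > Personal

# Steps 9-14: import the certificate into the Personal store.
$imported = @(Import-Certificate -FilePath $CertPath -CertStoreLocation $store)
if ($imported.Count -ne 1) {
    throw "Expected one certificate in $CertPath, found $($imported.Count)."
}
$cert = $imported[0]

# Steps 15-17: read the serial number instead of copying it from the Details tab.
$serial = $cert.SerialNumber
Write-Host "Imported '$($cert.Subject)' with serial number $serial"

if ($cert.HasPrivateKey) {
    Write-Host 'The certificate already has an associated private key.'
    return
}

# Step 19: ask certutil to re-link the orphaned private key to the certificate.
certutil -repairstore my $serial
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# Step 20: re-read the store entry and confirm that the key is now linked.
$repaired = Get-ChildItem $store |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $repaired.HasPrivateKey) {
    throw 'No matching private key was found on this computer.'
}
Write-Host "Private key is now associated with certificate $($repaired.Thumbprint)."
```

If the final check fails, the key pair was most likely generated on a different computer, which is the situation step 1 guards against.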

FAQs

How do I assign a private key to a new certificate? ›

Assign the existing private key to a new certificate

Select Start, select Run, type mmc, and then select OK. On the File menu, select Add/Remove Snap-in. In the Add/Remove Snap-in dialog box, select Add. Select Certificates, and then select Add.

How do I add a private key in IIS? ›

Open the Local Machine Certificate Store
  1. Click Start → Run, type mmc and select OK.
  2. Go to the File menu and select Add/Remove Snap in.
  3. Select Certificates from the Add or Remove Snap-ins box and click Add.
  4. Select Computer Account and click Next.
  5. Select Local Computer and click Finish.

How do I get a private key from a certificate IIS? ›

In the center pane, right-click on the certificate that you want to export/back up and then click All Tasks > Export. In the Certificate Export Wizard, on the Welcome to the Certificate Export Wizard page, click Next. On the Export Private Key page, select Yes, export the private key, and then, click Next.

Can I generate a new private key for my SSL certificate? ›

You can accomplish this in one of the following ways: If you don't yet have a private key and a corresponding certificate, generate a private key in an HSM. You use the private key to create a certificate signing request (CSR), which you use to create the SSL/TLS certificate.

How do I create a private key? ›

To generate an SSH private/public key pair for your use, you can use the ssh-keygen command-line utility. You can run the ssh-keygen command from the command line to generate an SSH private/public key pair. If you are using Windows, by default you may not have access to the ssh-keygen command.

Where is the private key in a certificate? ›

Both codes are generated as a pair on the hosting server for the website. Thus, the private key for the issued certificate can only be found on the server (application) where you generated the CSR code used during the activation stage.

How do I add a private key to keystore certificate? ›

You cannot directly import private key information to a keystore using keytool. You must convert the certificate and private key into a PKCS12 (.p12) file, and then you can import the PKCS12 file to your keystore. where the [password] is the password you specified when you created the private key.

How to add private key in ssh command? ›

Step 1 Create and Copy Private Key to remote VM
  1. Copy private key to new file called centos7template01.txt.
  2. Type ls to verify file is there.
  3. Copy file to remote VM.
  4. Type yes to connect and transfer file.
  5. SSH into remote VM (Cent7-07)
  6. Type ls to confirm file copied successfully.

Why doesn't my certificate have a private key? ›

A missing private key could mean: The certificate is not being installed on the same server that generated the CSR. The pending request was deleted from IIS. The certificate was installed through the Certificate Import Wizard rather than through IIS.

How to generate SSL certificate and private key Windows? ›

Right-click the openssl.exe file and select Run as administrator. Enter the following command to begin generating a certificate and private key: req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.

Is a private key required to install certificate? ›

A private key is NOT required to install self-signed certificates on Android. What is required is that the certificate be a CA certificate. That means that the X.509 'Basic Constraints' extension MUST have the code "CA:true" present in the certificate AFTER it is generated.

Does a certificate contain a private key? ›

A certificate is a trusted document that contains a public key and other data of the respective private key owner.

How to generate SSL certificate? ›

How to Get an SSL Certificate in 7 Simple Steps
  1. Have the Correct Website Information.
  2. Decide Which SSL Certificate You Need.
  3. Choose a Certificate Authority.
  4. Generate a Certificate Signing Request (CSR)
  5. Submit the CSR to Your Certificate Authority.
  6. Await Validation by Your Certificate Authority.
  7. Install Your SSL Certificate.
Jan 5, 2023

How to match SSL certificate with private key? ›

You can check if an SSL certificate matches a Private Key by using the 3 easy commands below.
  1. For your SSL certificate: openssl x509 -noout -modulus -in <file>.crt | openssl md5.
  2. For your RSA private key: openssl rsa -noout -modulus -in <file>.key | openssl md5.

How do I import a private key into keystore? ›

Import Key Pair to Java Keystore
  1. Build the certificate chain and convert the private key and certificate files into a PKCS12 file. ...
  2. Import the PKCS12 file into Java keystore: keytool -importkeystore -srckeystore server.p12 -destkeystore store.keys -srcstoretype pkcs12 -alias shared.

Does every certificate have a private key? ›

All TLS certificates require a private key to work. The private key is a separate file that's used in the encryption/decryption of data sent between your server and the connecting clients.

Article information

Author: Fredrick Kertzmann
