Ask a Question

Solution ID : SO22029

  • WSS

Error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." when installing certificate using Microsoft IIS 7.0

Problem

When installing a certificate using Microsoft IIS 7.0 Manager, you may receive the following error message even though the certificate is installed:

Note:  The certificate may still install successfully, in spite of the error message.

Cause

This issue occurs because IIS Manager performs a lookup operation to look for a friendly name of the certificate during the installation. However, the code that performs this lookup operation misses this specific case, and it does not know how to retrieve the friendly name of a certificate in a PKCS#7 file. Therefore, the lookup operation fails, and the error message is displayed.

This is a known issue with IIS 7.0.  Please see the following Microsoft Knowledge Base Article regarding this issue: http://support.microsoft.com/kb/959216

Solution

To resolve this problem, check if the certificate is installed by performing the following steps:

Step 1: Create a 'Certificates' snap-in within the MMC

From IIS Web Server:

  1. Click Start > Run > type MMC
  2. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK


Step 2: Locate the SSL certificate

  1. Go to Personal > Certificates
  2. Right-click the SSL Certificate
  3. Select Properties
  4. Enter a Friendly Name value
  5. Click Apply, then click OK
  6. Go back to Personal > Certificates
  7. Double-click on the SSL certificate

On the General tab, under the validity dates, there should be a key with the following message:
 
"You have a private key that corresponds to this certificate"
NOTE: If this is present, close the certificate and the MMC and proceed to Step 3. If there is no reference to the private key, please follow these instructions to restore the private key.

If unable to restore the private key, the certificate will need to be replaced.

If the certificate needs to be replaced, please create a new CSR on the server. Once the new CSR has been created, please submit the new CSR with a Replace request.


Step 3: Bind the SSL certificate to the web site in IIS

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to Server name > Sites > SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add (or Edit if an https binding already exists)
  5. From the Add/Edit Site Bindings window, provide the binding type
  6. Select the SSL certificate that will be used for the site
  7. Click OK