Ask a Question

Solution ID : SO423

Last Modified : 05/02/2018

Error: The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard

Cause

This problem may occur if any of the following conditions are true:
  • The certificate file is formatted incorrectly or the wrong extension file is being used for the installation
  • A private key mismatch may occur if the private key in Microsoft IIS does not match the certificate you are installing
  • The private key for this certificate has been corrupted, lost, or this is not the server on which the CSR was generated
  • You used the previous CSR upon Renewal
  • The wrong certificate file is being used for the installation

Solution

 
Because there are many causes for this error, please review the methods below and determine which is applicable: 
 
Method 1: Ensure Proper Formatting of the Certificate File  
 
Copy and paste the certificate into a text file (save as .txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file. You should have a text file that looks like:
 
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
 
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
 
 Method 2: Ensure the SSL Certificate Matches the Private Key on Microsoft IIS  
 
Ensure that you do not delete the pending request or generate another CSR in Microsoft IIS after you have submitted the CSR to Symantec.
 
When you generate a CSR, this creates a private key that corresponds to the CSR file. If you delete the pending request and/or generate a new CSR, the existing private key is replaced with the new one. Therefore, when you try to install the SSL certificate, it will not match to the private key.  

Note: If the SSL certificate was manually downloaded from the Symantec Trust Center. Please ensure downloaded SSL certificate is the "latest" certificate issued from Symantec Trust Center account, described in SO8061.
 
 
Method 3: Attempt to restore the pending request if was deleted or not found. Please refer to SO6264
            Note: This only applies to Windows Server 2003 (IIS 6.0), Windows Server 2008 (IIS 7.0) and Windows Server 2008 R2 (IIS 7.5)
 
Method 4: Use of the previous CSR file upon Certificate Renewal  
 
Microsoft IIS 5.0/6.0 will not allow the installation of a SSL certificate without a matching pending request. If you have renewed your SSL certificate and selected the option to use the previous CSR, you will not be able to install your certificate using the IIS Certificate Installation Wizard. Therefore, you will need to create a renewal request from IIS and then replace your certificate. 
 
To create a renewal request for IIS 5.0/6.0, see Step A in solution: SO6213

To replace your SSL certificate, see solution: SO7146 
 
 
Method 5: Replacing the Certificate Due to File Corruption or Deletion  
 
If you cannot install the file because of corruption or because the original Pending Request was deleted and another was created in its place, you must generate a new certificate request and perform a replacement.
 
For Retail SSL certificate, see solution:  SO7146  
For Managed PKI for SSL certificate, see solution: SO4266
 
Note to Trial Certificate customers:   Make sure to remove the pending request and generate a new certificate signing request (CSR) file with a different Organizational Unit (OU) field.  If not, a 1005 - Duplicate ID error will result during the new enrollment.
 
To enroll for a new Trial certificate see solution: SO7040