Because there are many causes for this error, please review the methods below and determine which is applicable:
Method 1: Ensure Proper Formatting of the Certificate File
Copy and paste the certificate into a text file (save as .txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file. You should have a text file that looks like:
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
Method 2: Ensure the SSL Certificate Matches the Private Key on Microsoft IIS
Ensure that you do not delete the pending request or generate another CSR in Microsoft IIS after you have submitted the CSR.
When you generate a CSR, this creates a private key that corresponds to the CSR file. If you delete the pending request and/or generate a new CSR, the existing private key is replaced with the new one. Therefore, when you try to install the SSL certificate, it will not match to the private key.
If the SSL certificate was manually downloaded from the Trust Center. Please ensure downloaded SSL certificate is the "latest" certificate issued from the Trust Center account, described in SO8061
Method 3: Attempt to restore the pending request if was deleted or not found. Please refer to SO6264
This only applies to Windows Server 2003 (IIS 6.0), Windows Server 2008 (IIS 7.0) and Windows Server 2008 R2 (IIS 7.5)
Method 4: Use of the previous CSR file upon Certificate Renewal
Microsoft IIS 5.0/6.0 will not allow the installation of a SSL certificate without a matching pending request. If you have renewed your SSL certificate and selected the option to use the previous CSR, you will not be able to install your certificate using the IIS Certificate Installation Wizard. Therefore, you will need to create a renewal request from IIS and then replace your certificate.
To create a renewal request for IIS 5.0/6.0, see Step A in solution: SO6213
To replace your SSL certificate, see solution: SO7146
Method 5: Replacing the Certificate Due to File Corruption or Deletion
If you cannot install the file because of corruption or because the original Pending Request was deleted and another was created in its place, you must generate a new certificate request and perform a replacement.
For Retail SSL certificate, see solution: SO7146
For Managed PKI for SSL certificate, see solution: SO4266
Note to Trial Certificate customers: Make sure to remove the pending request and generate a new certificate signing request (CSR) file with a different Organizational Unit (OU) field. If not, a 1005 - Duplicate ID error will result during the new enrollment.
To enroll for a new Trial certificate see solution: SO7040