Ask a Question

Solution ID : SO6264

Last Modified : 05/02/2018

How to restore a pending request in Microsoft IIS if it was deleted or not found?

Solution

When installing a SSL certificate, the following error may appear in the IIS Certificate Wizard:
 
The pending certificate request for this response file was not found.
 
This error indicates that the pending request that was created when originally enrolling or renewing a certificate has been damaged or deleted.
 
It may still be possible to install the certificate from the command line using certutil.exe.
 

The following instructions apply to Windows Server 2003 (IIS 6), 2008 (IIS 7) and 2012 (IIS 8):

  1. Download the SSL certificate & Intermediate CA Certificate from the Symantec Trust Center in X.509 format by selecting Other as the Server Platform.
  2. Open a command prompt (click Start, point to Run, type cmd and then click OK.
  3. Navigate to the folder used in steps 1 and 2, then run the following three commands:

    certutil -addstore my ssl_certificate.cer

    certutil -addstore ca intermediate.cer


    Note: All of the commands should complete successfully with the following message: CertUtil: -addstore command completed successfully.
     
  4. Open a Windows Explorer window, navigate to the folder from steps 1 and 2, double-click the file ssl_certificate.cer.
  5. On the certificate information window that opens, select the Details tab, scroll down and select the Thumbprint field from the list.
  6. The Thumbprint will appear in the box below; select the thumbprint and copy to clipboard (click anywhere in the box, then press Ctrl+A followed by Ctrl+C on the keyboard)



     
  7. Return to the command prompt window and run the following command - paste in the thumbprint as indicated:
    certutil -repairstore my "<thumbprint>"

    The command should similar to:
    certutil -repairstore my "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f"

    If the command completes successfully, the following message will appear:
    CertUtil: -repairstore command completed successfully.

    If the command fails, continue from Step 10
     
  8. The certificate is now installed on to the server and needs to be assigned in IIS.
  9. Depending on the server platform version, refer to one of the following instructions to assign the certificate in IIS:
     
    • Windows Server 2003 (IIS 6), refer to the "Step 1: Installing SSL Certificate into IIS 6.0" section for details.
    • Windows Server 2008 (IIS 7), refer to the "Step 1:  Prepare the server" section, then go to "Step 3: Binding certificate to the web site" for details.
    • Windows Server 2012 (IIS 8), refer to the  "Step 2: Prepare the server" section, then go to "Step 4: Binding certificate to the web site" for details.  
                                                
  10. If the repairstore command from Step 8 fails, one of the following appears instead:

    CertUtil: -repairstore command FAILED: 0x80090011 (-2146893807)
    CertUtil: Object was not found.
    CertUtil: -repairstore command FAILED: 0x8009000b (-2146893811)
    CertUtil: Key does not exist.


    This means that the request has been damaged beyond repair or deleted completely and the certificate cannot be installed. 
    Instead, the certificate needs to be revoked and replaced (generate a new CSR, request a replacement online and install the
    resulting new certificate in to IIS), Please click here for documentation.