NOTE: The certificate may still install successfully, in spite of the error message.
This issue occurs because IIS Manager performs a lookup operation to look for a friendly name of the certificate during the installation. However, the code that performs this lookup operation misses this specific case, and it does not know how to retrieve the friendly name of a certificate in a PKCS#7 file. Therefore, the lookup operation fails, and the error message is displayed.
This is a known issue with IIS 7. Please see Microsoft Knowledge Base Article 959216.
To resolve this problem, check if the certificate is installed by performing the following steps:
Step 1: Create a 'Certificates' snap-in within the MMC
From IIS Web Server:
- Click Start > Run > type MMC
- From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
- From the list of snap-ins, select Certificates
- Click Add
- Select Computer Account
- Click Next
- Select Local Computer (the computer this console is running on)
- Click Finish
- In the Add/Remove Snap-in window, click OK
Step 2: Locate the SSL certificate
- Go to Personal > Certificates
- Right-click the SSL Certificate
- Select Properties
- Enter a Friendly Name value
- Click Apply, then click OK
- Go back to Personal > Certificates
- Double-click on the SSL certificate
On the General tab, under the validity dates, there should be a key with the following message:
"You have a private key that corresponds to this certificate"
NOTE: If this is present, close the certificate and the MMC and proceed to Step 3. If there is no reference to the private key, please follow these instructions to restore the private key. please follow these instructions to restore the private key
If unable to restore the private key, the certificate will need to be replaced.
Step 3: Bind the SSL certificate to the web site in IIS
- Click Start > Administrative Tools > Internet Information Services (IIS) Manager
- Browse to Server name > Sites > SSL-based site
- From the Actions pane, choose Bindings
- In the Site Bindings window, choose Add (or Edit if an https binding already exists)
- From the Add/Edit Site Bindings window, provide the binding type
- Select the SSL certificate that will be used for the site
- Click OK