DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." when installing certificate using Microsoft IIS 7

Solution ID : SO12089
Last Modified : 09/17/2024

Scenario

When installing a certificate using Microsoft IIS 7 Manager, you may receive the following error message even though the certificate is installed:

NOTE: The certificate may still install successfully, in spite of the error message.

Cause

This issue occurs because IIS Manager performs a lookup operation to look for a friendly name of the certificate during the installation.  However, the code that performs this lookup operation misses this specific case, and it does not know how to retrieve the friendly name of a certificate in a PKCS#7 file.  Therefore, the lookup operation fails, and the error message is displayed.

This is a known issue with IIS 7. Please see Microsoft Knowledge Base Article 959216.

Solution

To resolve this problem, check if the certificate is installed by performing the following steps:

Step 1: Create a 'Certificates' snap-in within the MMC

From IIS Web Server:

  1. Click Start > Run > type MMC
  2. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  3. From the list of snap-ins, select Certificates
  4. Click Add
  5. Select Computer Account
  6. Click Next
  7. Select Local Computer (the computer this console is running on)
  8. Click Finish
  9. In the Add/Remove Snap-in window, click OK


Step 2: Locate the SSL certificate 

  1. Go to Personal Certificates
  2. Right-click the SSL Certificate
  3. Select Properties
  4. Enter a Friendly Name value
  5. Click Apply, then click OK
  6. Go back to Personal > Certificates
  7. Double-click on the SSL certificate

 

On the General tab, under the validity dates, there should be a key with the following message:
 
"You have a private key that corresponds to this certificate"

NOTE: If this is present, close the certificate and the MMC and proceed to Step 3. If there is no reference to the private key, please follow these instructions to restore the private key.  please follow these instructions to restore the private key
If unable to restore the private key, the certificate will need to be replaced.
If the certificate needs to be replaced, please create a new CSR on the server by following these instructions. Once the new CSR has been created,  replace the certificate using these instructions.

Step 3: Bind the SSL certificate to the web site in IIS

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to Server name Sites > SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add (or Edit if an https binding already exists)
  5. From the Add/Edit Site Bindings window, provide the binding type
  6. Select the SSL certificate that will be used for the site
  7. Click OK

GET TOP-OF-THE-LINE SUPPORT TAILORED TO YOUR UNIQUE BUSINESS NEEDS.

SEE PLANS

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.