SOLVED: Certificate Disappears From IIS After COMPLETE CERTIFICATE REQUEST on Server 2016

If you add a certificate to IIS Manager SERVER CERTIFICATES section using COMPLETE CERTIFICATE REQUEST that appears without error but then is not visible the next time you go to (or refresh) the SERVER CERTIFICATES, we have the answer.

The problem is likely that you somehow added that certificate to your server using Certificates MMC.  This can easily happen if you are installing GoDaddy intermediate certificates.  You should only add the certificate named something like gd-g2_iis_intermediates.p7b and NOT the .CRT or .CER certificates.

The disappearing certificate is very frustrating but relatively easy to fix.  If you accidentally added your cert, rather than just the intermediate cert, you need to do four things:

  1. Remove that cert
  2. Get the cert rekeyed
  3. Add the cert to IIS
  4. Assign the cert to your website

In my case I was working on adding a certificate to a Remote Desktop Services (RDS) Gateway and bunged it up.  Here is how I fixed it:

HOW TO REMOVE A CERTIFICATE:

  1. Click START, type mmc.exe and press the enter key
  2. Click FILE > ADD/REMOVE SNAP-INS
  3. Double click CERTIFICATES
  4. Select COMPUTER ACCOUNT
  5. Click FINISH (i.e. leave it at the LOCAL COMPUTER default)
  6. Click OK
  7. Expand CERTIFICATES > PERSONAL
  8. Right click on your cert that should not be there (in my case this was issued by GoDaddy).  Be careful NOT to select the default cert issued by your own server
  9. Select DELETE

HOW TO GET A CERTIFICATE REKEYED:

There is no cost to getting a certificate rekeyed with any of the vendors I have used before.

Every vendor has their own process for getting a certificate rekeyed so I will not waste your time here other than the generic steps:

  1. You need to create a new CSR using IIS as explained in THIS GoDaddy article.
  2. Go to your vendor’s website and find the place where you download your certificate.  There will likely be a REKEY option there.  In GoDaddy’s case the path is to sign in, click your name (top right corner), click MY PRODUCTS, expand SSL CERTIFICATES, click MANAGE on your certificate
  3. You will have to wait for verification again, but it should be very quick.  In GoDaddy’s case I have not seen it take more than 1 hour
  4. When the new certificate is ready, download it

ADD THE REKEYED CERTIFICATE TO IIS:

NOTE: You do NOT need to use the CERTIFICATES MMC here.   You only needed that MMC to install the intermediate certificates which will not have changed from the first time you added them.

  1. Start INTERNET INFORMATION SERVICES MANAGER (IIS Manager)
  2. Click on the host name of the server (not the website) and double click on SERVER CERTIFICATES applet (in the center section)
  3. Click COMPLETE CERTIFICATE REQUEST (either from the ACTIONS menu or just right click on blank space)
  4. Use the button to find the .CRT or .CER file.  If you have a GoDaddy cert, it will be a .CRT and you will need to change the file type drop down box to *.* to see it.
  5. Type the FRIENDLY NAME as the exact name of the cert (i.e. rdsg.mydomain.com)
  6. Leave the SELECT A CERTIFICATE STORE at PERSONAL and click OK

If you are still confused how to install the cert or assign it to your website, THIS GoDaddy article will help.
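
A pre-check for COMPLETE CERTIFICATE REQUEST, as an added PowerShell example that is not part of the original post: the request can only be completed when the downloaded certificate matches the private key of a CSR still pending on this server, so the script compares the file against the pending requests and against the PERSONAL store. The file path is a placeholder, and reading pending requests from the Cert:\LocalMachine\REQUEST store (Certificate Enrollment Requests) is the approach assumed here.

```powershell
# Added example; run in an elevated PowerShell session on the IIS server.
# Placeholder path: point it at the certificate file downloaded from your vendor.
$CrtPath = 'C:\certs\rdsg.mydomain.com.crt'

function Get-CertKeyReport {
    param([Parameter(Mandatory)][string]$Path)

    $issued = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $pubKey = $issued.GetPublicKeyString()

    # CSRs created on this server wait in "Certificate Enrollment Requests" (REQUEST)
    # together with their private key. A match means the request can be completed.
    $pending = @(Get-ChildItem Cert:\LocalMachine\REQUEST |
        Where-Object { $_.GetPublicKeyString() -eq $pubKey })

    # Copies of the same certificate already in PERSONAL (My), for example one
    # imported through the Certificates MMC.
    $installed = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $issued.Thumbprint })
    $withKey = @($installed | Where-Object { $_.HasPrivateKey })
    $keyless = @($installed | Where-Object { -not $_.HasPrivateKey })

    [pscustomobject]@{
        Subject               = $issued.Subject
        Thumbprint            = $issued.Thumbprint
        NotAfter              = $issued.NotAfter
        MatchesPendingRequest = ($pending.Count -gt 0)
        PersonalCopyHasKey    = ($withKey.Count -gt 0)
        PersonalCopyLacksKey  = ($keyless.Count -gt 0)
    }
}

$report = Get-CertKeyReport -Path $CrtPath
$report | Format-List

if ($report.PersonalCopyLacksKey) {
    # Preview the removal step without deleting anything; drop -WhatIf to delete.
    Remove-Item -Path "Cert:\LocalMachine\My\$($report.Thumbprint)" -WhatIf
    Write-Warning 'PERSONAL holds this certificate without a private key; remove it first.'
}
if (-not $report.MatchesPendingRequest -and -not $report.PersonalCopyHasKey) {
    # Neither a pending CSR nor an installed key pair exists for this certificate.
    Write-Warning 'No pending request matches this certificate; create a new CSR and rekey.'
}
```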

ASSIGN THE REKEYED CERTIFICATE TO YOUR WEBSITE:

  1. In IIS Manager click on the website you want to use the certificate on (NOT the hostname of the server).  If this is an RDS Gateway server, you will want to click DEFAULT WEB SITE
  2. Click BINDINGS (in the actions pane at the top right)
  3. Double click on the HTTPS option
  4. In the HOST NAME, type in the exact name used in your certificate (i.e. rds.mydomain.com)
  5. Select the new certificate from the SSL CERTIFICATE dropdown
  6. Click OK then OK and then have a nice day, you are done.

I found a number of other sites useful in figuring out this disappearing certificate issue, including THIS GoDaddy forum.

 

 

Comments

  1. Mohammed Sheriff Yousef November 8, 2019 at 5:27 pm

    You are so gorgeous, you saved me

  2. JAMES PERKINS August 13, 2019 at 8:34 pm

    Rekeying did not work for me. I had to “Create Certificate Request” from my server then submit this request for a rekey then it worked. When adding the certificate this time it stayed and did not disappear even when refreshing with the F5 key. I think GoDaddy supplies their text keys and doesn’t explain what these are for and how to apply them.

  3. Maurício Welter June 26, 2019 at 12:39 pm

    thank you so much from Brasil …

  4. Lokesh Savdekar March 15, 2019 at 12:19 am

    thank you so much brother…you are great.

  5. Charles Fettinger March 14, 2019 at 11:18 am

    We had this issue with a GoDaddy certificate yesterday. We rekeyed 3 times, finally GoDaddy tech support created the cert from the 3rd CSR we had previously used and it worked. The cert they generated was different when tech support created it.

    This is definitely a system issue at GoDaddy.

  6. shay January 18, 2019 at 8:22 am

    my friend, you are a life saver!!! tnx a lot 🙂

  7. Suraj November 1, 2018 at 12:58 pm

    Thanks a lot for sharing this. It made my day 🙂
