picture of tbs certificates
picture of tbs certificates
Our products range

Install a certificate after having deleted the pending certificate request

When a pending certificate request is deleted the link between the private key and IIS is lost as well. The certificate cannot then be correctly installed. The link does not exist anymore but the private key is still in the Micrsoft IIS certificate store. Microsoft created a tool allowing th certificate installation even after the request desappearance: Certutil.exe.

Certutil tool has to be used with command lines: Start > Run and enter "cmd".
And follow the steps:
  • First, find the tool: %windir%\system32.
  • Enter certutil -addstore my certificate.p7b

  • The certificate.p7b parameter is the certificate you want to install. Do not forget the "my" argument!
    You should see a message like: CertUtil: -addstore command completed successfully
  • Go to the file manager, in the repertory where the .p7b file is and do right click > properties on the .p7b file
  • Right click on the certificate and select properties
  • look for the serial number field and copy it (CTRL+C)
  • Go back to the command and enter certutil -repairstore my "serial number"

  • serial number matchs the serial number previously registered. Do not forget the "my" argument and the quotes!
    You should see the message: Encryption test passed CertUtil: -repairstore command completed successfully.

    The link between the private key and the certifcate has been restored. Now the certificate must be installed on the site.
  • In IIS: right click > properties on the site to be secured, then go to the repertory security tab, server certificate button, choose replace and select the new certificate you just imported
To make sure the certificate has been correctly installed, go on your certificate status page and click on check your certificate.
If the verification returns an error the installation failed. You'll have to reissue your certificate.