ERROR “CANNOT FIND THE CERTIFICATE REQUEST THAT IS ASSOCIATED WITH THIS CERTIFICATE FILE.
- A combination of the following factors contribute to the appearance of this error message:
- When installing the certificate, either the certificate file has been formatted wrongly or the incorrect extension file has been used.
- The CSR for this certificate was never generated on this system, and it is therefore invalid.
- If the private key in Microsoft IIS does not match the private key in the certificate you are installing, a private key mismatch may occur.
- The private key for this certificate has been corrupted or lost, or the server on which the CSR was generated is not the server on which the CSR is being used.
- For some reason, the incorrect certificate file is being used during the installation.
- You modified your system and lost track of the request.
First, we’ll have a look at what to do.
When installing the certificate, either the certificate file has been formatted wrongly or the incorrect extension file has been used.
Vi or Notepad can be used to copy and paste the certificate into a text file (which should be saved as.txt). Use of Microsoft Word or other word processing programs that may insert characters is not recommended. Please double-check that the file does not contain any extra lines or spaces. You should have something like this in your text file
Check to see that there are 5 dashes on either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks, or more characters have been mistakenly added in the process of creating the certificate.
Check to see that the CSR was created in this system by double-checking. If you don’t know, look for the original system to learn more.
Check to make sure that the pending request on that Windows system does not get deleted. Using IIS 6 (Server 2003) computers, it is simple to delete that particular request.
When a software update to the system is done, the request may be lost.
Step No. 1
- Perform the following steps to troubleshoot the missing pending request or the missing private key issues.
- Creation of a Certificate Management Snap-in in the Microsoft Management Console on a Windows server system (Step 1)
- MMC. How do I start? >? How do I run? >?
- Select the Console tab from the drop-down menu. What do you want to do with your file? Snap-ins can be added or removed.
- Add > by clicking on it. Certificates may be found by clicking on? Certificates and then on? Add.
- Select Computer Account > Next from the drop-down menu
- Local Computer > Finish is the option to select.
Close the door? Add a stand-alone Snap-in window to your project.
Okay, so you want to click on something? at the time of? The Snap-in window can be added or removed.
You will be returned to the management console, where you will be able to see the snap-in you created.
Step No. 2
- Importing your SSL certificate is the second step.
- Go to Certificates (Local Computer) > Personal > Certificates and then click OK.
- Right-click on Certificates and select All Tasks > Import from the drop-down menu.
- The Certificate Import Wizard will open, and you should select Next from the menu.
- By selecting Browse…, you can specify the location and path of your SSL certificate.
- Select Next from the drop-down menu.
- To browse to your certificate in the open window, it may be necessary to change the file type you are looking for in the drop-down option from All to All in the drop-down menu.
- Select Next from the drop-down menu.
- Finish by pressing the Finish button.
You should receive a notice indicating, “The import was successful,” after completing the process. To proceed, click OK.
In the middle of the Personal Certificates pain, you should notice an icon with a little key on it, indicating that your new certificate has appeared.
Double-clicking the certificate will allow you to inspect it one more time. If your certificate specifies that “you have a private key that matches this certificate,” you have a valid private key. In other words, your SSL Certificate has successfully married its private key and is now ready to be bound to its services, exported, and used in other ways.
To proceed, click OK.
If you are still unable to locate a private key linked with your certificate, use the following last-ditch debugging method:
Double-click your SSL certificate once it has been successfully imported into MMC (Management Console).
Select the Details to tab on the certificate information window that appears when it has been opened, then scroll down and select the Thumbprint field from the drop-down list.
When you click on the Thumbprint, it will display in the box below. To copy the fingerprint, select it and press Ctrl+A followed by Ctrl+C on the keyboard.
The following command should be entered into a Command Prompt (CMD) that has been run as an administrator.
- certutil -repair store my “thumbprint” my “thumbprint”
- A copy of the thumbprint can be pasted in between the quotation marks if you right-click on CMD and choose “Paste Special.”
- The command should be something like this:
- certutil -repairstore my “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f” certutil -repairstore my “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f” certutil -repairstore my “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
- Please keep in mind that if you see a Question Mark? Remove the thumbprint off the front of your hand.
- As soon as the command is completed successfully, you will be presented with a large amount of information, with the following message showing at its conclusion.
- The -repair store command from CertUtil was successfully executed.
Double-clicking the certificate in MMC will allow you to double-check it. If your certificate specifies that “you have a private key that matches this certificate,” you have a valid private key. This indicates that your SSL Certificate was successful in matching with its private key and that it is now ready for binding to services, export, and other uses.
If your SSL certificate has been imported and it does not declare that you have a private key, this indicates that your private key has been corrupted or that it has not been generated on this system. In this case, you will have to start from the beginning by establishing a new CSR > reissuing the SSL Certificate > and then performing the SSL Certificate installation.
To refresh the Exchange or IIS application, you can now return to the Exchange or IIS desktop and click the F5 key on your keyboard. Now that the private key has been added, your new certificate should be displayed. This means that you may now allocate the services to your websites and link them to them.